A Snapchat employee fell for a W-2 phishing scam last week, compromising the identity information of other existing and ex-employees. The FBI calls this a Business Email Compromise, also known as CEO Fraud. We ourselves at KnowBe4 received one of these scams just a few days ago, and customers have reported identical scams to us through their KnowBe4 Phish Alert Button.
The email the employee received spoofed Snapchat's CEO, Evan Spiegel. The hacker requested payroll information for existing and ex-employees. The hacker then exposed that information to the outside world. Snapchat issued a public apology to its workers in a blog post on Sunday.
Since Snapchat became hugely popular in 2013, the company has been in the public eye over data security, and hackers said they were able to penetrate Snapchat's networks.
Snapchat didn't react fast enough, and one day into the 2014 New Year, a database of 4.6 million numbers and user names was leaked online. Snapchat's security problems escalated further that year when hackers also raided a third-party app and stole tens of thousands of photos and videos.
Since those breaches, Snapchat has learned a lesson or two about incident response, and it has been quicker to admit to, apologize for, and fix its mistakes. "We're a company that takes privacy and security seriously," Snapchat's latest explanation reads. "So it's with real remorse--and embarrassment--that one of our employees fell for a phishing scam."
I guess it's time to step those employees through new-school security awareness training, which is a combination of interactive, engaging browser-based training followed by frequent simulated phishing attacks.
Find out how affordable this is for your organization and be pleasantly surprised.