The New BEC Phishing Attack: Stealing Data Instead Of Cash

Duped by phishers posing as company executives, Seagate and Snapchat expose employee tax, payroll data.



Perhaps inspired by business email compromise (BEC) phishing campaigns' astonishing success at parting companies from their money, phishermen are using the same tactics to part companies from their data.

In BEC phishing campaigns, attackers posing as business executives send messages to individuals in business departments who handle large payments and convince them to wire transfer huge sums of money to an attacker-controlled account. Now, as tax season (and tax fraud season) is underway, they're asking for employee data, instead of money.

Last week, Snapchat announced that a scammer impersonating their CEO tricked their payroll department into emailing an attacker the payroll information of current and former Snapchat employees. Saturday, it was reported that Alaskan telecom GCI was tricked into handing over employee W-2 forms by a phisher posing as the company's CFO. Sunday, it was reported that a Seagate employee was also fooled into sending thousands of employee W-2's by an email sent to HR and finance personnel by a phisher posing as the company CEO. 

All companies reported the incidents to federal authorities and offered affected individuals credit monitoring. 

 

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service