03 Jul How it really happened : NINJIO Season 1, Episode 7, W-2 Heist
As we saw in the W-2 Heist Episode, a bank heist brought together a bank robber and a beautiful computer hacker who called herself a “Skacker” (Half Scammer, Half Hacker) The skacker, while being held hostage explains the low risk and high rewards of using social media and social engineering to make significant amounts of money by hacking. Through a spear phishing scam, she explains how easy it is gather confidential information, such as W-2 records, and file fraudulent tax returns.
Sending W-2 and other confidential information through email is risky in more ways than one. The first step in sending this sort of information, if your company policy allows it, is to be absolutely sure that the recipient is who you think they are.
How it Really Happened:
Sprouts employees were the latest victim of a spear phishing attack aimed at obtaining thousands of W2s. The spear phishing attack was aimed at a payroll employee. Attackers pretended to be a corporate executive to trick the employee into sending 21,000 W2 forms.
Although Sprouts Farmer’s Market employees were the latest victims in a large-scale spear phishing attack, other companies have also been targets and victims. This article investigates the rising popularity of these schemes.
Spear phishing is a type of phishing attack, but it’s much more targeted towards specific employees. This article explains spear phishing and what you can do to avoid them.
Most companies have spam filters that block spoofed messages, but some of them still penetrate IT filters. This article discusses how to identify a phishing message to avoid falling for the attack.
Even with education and defenses, some employees still fall for the attack. This article covers things a company should do after a phishing attack.