How it really happened : NINJIO Season 1, Episode 7, W-2 Heist

ep7blog

As we saw in the W-2 Heist Episode, a bank heist brought together a bank robber and a beautiful computer hacker who called herself a “Skacker” (Half Scammer, Half Hacker)  The skacker, while being held hostage explains the low risk and high rewards of using social media and social engineering to make significant amounts of money by hacking. Through a spear phishing scam, she explains how easy it is gather confidential information, such as W-2 records, and file fraudulent tax returns.

 

Sending W-2 and other confidential information through email is risky in more ways than one.  The first step in sending this sort of information, if your company policy allows it, is to be absolutely sure that the recipient is who you think they are.  

 

How it Really Happened:  

 

Tax Fraud Two-Step Phishing for W2s

Sprouts employees were the latest victim of a spear phishing attack aimed at obtaining thousands of W2s. The spear phishing attack was aimed at a payroll employee. Attackers pretended to be a corporate executive to trick the employee into sending 21,000 W2 forms.

 

W-2 Phishing Scams Likely to Resurface After the New Year

Although Sprouts Farmer’s Market employees were the latest victims in a large-scale spear phishing attack, other companies have also been targets and victims. This article investigates the rising popularity of these schemes.

 

Spear Phishing: Scam, Not Sport

Spear phishing is a type of phishing attack, but it’s much more targeted towards specific employees. This article explains spear phishing and what you can do to avoid them.

 

How fact-checking could thwart phishing attacks

Most companies have spam filters that block spoofed messages, but some of them still penetrate IT filters. This article discusses how to identify a phishing message to avoid falling for the attack.

 

The First Five Things to do After a Phishing Attack

Even with education and defenses, some employees still fall for the attack. This article covers things a company should do after a phishing attack.

 

5 Comments
  • Jack
    Posted at 16:37h, 05 July

    excellent training…Thank you

  • Lisa Younger
    Posted at 15:19h, 22 July

    Good training

  • Lisa Younger
    Posted at 15:21h, 22 July

    I liked the video

  • CPI
    Posted at 16:54h, 07 November

    Understanding how to protect your self from a cyber attack is a necessary skill, tks.

  • Jaden Do
    Posted at 17:06h, 21 November

    Thanks for the info