After 24 days of updating my scratch list of incidents involving phishing for W-2 information (business email compromise), I decided to take stock and try to organize what we have so far. I was surprised to see that there were already 90 incidents (make that 126 as of May 18th). Most of these entries were found…
Category: Phishing
FBI: $2.3 Billion Lost to CEO Email Scams
While I keep updating my leetle list of entities disclosing their employees’ W-2 data has been phished, Brian Krebs reports that the FBI has issued an alert: The U.S. Federal Bureau of Investigation (FBI) this week warned about a “dramatic” increase in so-called “CEO fraud,” e-mail scams in which the attacker spoofs a message from the boss…
Metropolitan Jewish Health System notifies members and patients of phishing incident
Notice Regarding Phishing Email Incident Metropolitan Jewish Health System, Inc. and its participating agencies and programs (including Menorah Home and Hospital for the Aged and Infirm d/b/a Menorah Center for Rehabilitation and Nursing Care; Metropolitan Jewish Home Care, Inc. d/b/a MJHS Home Care; MJHS Hospice and Palliative Care, Inc.; Institute for Applied Gerontology d/b/a MJHS…
Mattel nearly loses $3M to a phishing scam
Bryan Clark reports: A finance executive fell victim to a phishing scam that saw the Los Angeles-based maker of children’s toys wire a cool $3 million to Chinese hackers. Expertly timed during a period of corporate change, the email hit the inbox of the unnamed executive and requested a new vendor payment in the amount of…
Grand Ole Opry Parent Company Falls Victim to Phishing Scam
Today’s reminder that we’re not done with all the phishing that snagged employee W-2 data. Nashville’s Ryman Hospitality Properties has fallen victim to a fraudulent phishing scam that resulted in employees’ IRS W-2 information, which includes Social Security numbers, being disclosed externally, Billboard has learned. The company is parent to entertainment brands the Grand Ole Opry, Nashville’s historic Ryman Auditorium and legendary…
Hackers reportedly access OpSec employee data
How embarrassing would it be to have a firm named OpSec Security that advertises it’s “trusted by over 400 companies and 50 government agencies” – and then it falls for a phishing scheme? Tim Stuhldreher reports: In the wake of a data breach, an anti-counterfeiting company with local sales and manufacturing operations is advising its employees to be…