Another business discloses a breach that sounds like it might have been another business email compromise (impersonation) scam: We are writing to tell you about a data security incident that may have exposed some of your personal information as an employee of Central Concrete Supply Co., Inc., Right Away Redy Mix, Inc., or Rock Transport, Inc….
Category: Phishing
Snapchat “just impossibly sorry” after employee payroll data compromised in BEC scam
John Russell reports that a number of Snapchat’s current and former employees had their payroll information stolen after an employee fell for what has become a common attack known as BEC (Business Email Compromise). In BEC, a scammer poses as a corporate executive and sends an email requesting payroll or customer data. “Last Friday, Snapchat’s payroll department was targeted by an…
St. Joseph Hospital employee information leaked in phishing scam
News12 reports: A Passaic County hospital says that a security breach caused some personal information about some of its employees to get out. Saint Joseph’s Healthcare System in Paterson says that a phishing scam has led to the unintentional disclosure of employee information, including social security numbers. “The information disclosed did not include any employee…
Oregon man pleads guilty to “phishing” celebrity nude photos
AP reports: An Oregon man who accessed hundreds of email accounts and stole explicit photos of celebrities pleaded guilty Thursday to a felony hacking charge in Los Angeles. Andrew Helton of Astoria, Oregon, faces up to five years in prison after pleading guilty to stealing nude or explicit photos from 13 people, including some unidentified…
NY: Phishing scheme may have resulted in tax refund fraud
There’s an update to a reported phishing attack involving Hudson City School District. John Mason and Roger Hannigan report: The phishing scam that netted the Social Security numbers of all Hudson City School District staff members has moved in a troubling new direction. Several staff members, according to District Superintendent Maria Suttmeier, have started to…
Former U.S. Nuclear Regulatory Commission Employee Pleads Guilty to Attempted Spear-Phishing Cyber-Attack on Department of Energy Computers
There’s a follow-up to a case I first noted in May of 2015. Charles Harvey Eccleston, 62, a former employee of the U.S. Department of Energy (DOE) and the U.S. Nuclear Regulatory Commission (NRC), pleaded guilty yesterday to a federal offense stemming from an attempted e-mail “spear-phishing” attack in January 2015 that targeted dozens of DOE…