Snapchat's Payroll Department Falls For Phishing Scam

HardOCP News

It's kinda scary that, in this day and age, anyone would fall for something like this. No user data was compromised but a "number of employees" have had their identities compromised. :(


We’re a company that takes privacy and security seriously. So it’s with real remorse–and embarrassment–that one of our employees fell for a phishing scam and revealed some payroll information about our employees. The good news is that our servers were not breached, and our users’ data was totally unaffected by this. The bad news is that a number of our employees have now had their identity compromised. And for that, we’re just impossibly sorry.
 
This is why it is so hard to idiot-proof anything. Nature just builds a better idiot :)
 
My job has taught me that you should never expect anyone in HR or Payroll to be technically savvy. So, this isn't terribly surprising. Most of the time when I have to talk software with someone in Payroll, I have to break out a puppet show for them.
 
"And we have since contacted the affected employees and have offered them two years of free identity-theft insurance and monitoring."
Oh yay. Hopefully the thieves won't just sit on it two years. Or the monitoring will actually prevent them from ordering new credit cards and such.
 
As an IT worker for a mid-to-large size company, this doesn't surprise me at all. People still open .zip files from 'UPS' looking for tracking information for shipments that they aren't expecting, or .exe files for invoices from companies we have never heard of. Then when we block those sorts of attachments upper management yells at us because we are limiting our users' ability to more easily work with our customers and vendors. It is crazy what people will fall for, and what we are forced to allow our users to do.
 
As an IT worker for a mid-to-large size company, this doesn't surprise me at all. People still open .zip files from 'UPS' looking for tracking information for shipments that they aren't expecting, or .exe files for invoices from companies we have never heard of. Then when we block those sorts of attachments upper management yells at us because we are limiting our users' ability to more easily work with our customers and vendors. It is crazy what people will fall for, and what we are forced to allow our users to do.

+100

Block too much and everyone complains; allow something like this to get through, and it's "why didn't the AV software catch it?"
 
Marketing copy is always so funny:

"We’re a company that takes privacy and security seriously."

We think you're retarded because we've already demonstrated several times that this claim is patently false.

"So it’s with real remorse–and embarrassment–that one of our employees fell for a phishing scam and revealed some payroll information about our employees."

We're blaming corporate incompetence on one guy, who we'll fire just to make you feel better.

"The good news is that our servers were not breached, and our users’ data was totally unaffected by this."

You can't prove that we lost your data yet.

"The bad news is that a number of our employees have now had their identity compromised. And for that, we’re just impossibly sorry."

We're just soooooo sorry, but we're not doing anything about it.
 
We had a user (during a phishing training no less) tell us that she tried opening an attachment from USPS about a shipment. It wouldn't open, so she tried several other times.

Users are typically the weakest link in the chain. I've had people give out their credit card numbers to those people, and I had to tell them it was a scam. Of course, it's IT's fault for letting it in. Dumbasses.
 