Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Crime Government The Almighty Buck United States

Seagate Hit By Targeted Phishing Attacks Seeking W2 Data (csoonline.com) 26

itwbennett writes: You can add Seagate to the growing list (now up to 7) of companies hit by malware seeking W2 data on employees. As reported on Slashdot, Snapchat disclosed the last weekend of February that someone had posed as the company's CEO and received payroll data on 700 employees. The other companies hit by similar phishing scams so far are Central Concrete Supply Co., Mercy Housing Inc., Magnolia Health Corporation, BrightView, and Polycom. Seagate learned of the incident on March 1, and the story was broken by Brian Krebs after a former employee received a notice and reached out to him.
This discussion has been archived. No new comments can be posted.

Seagate Hit By Targeted Phishing Attacks Seeking W2 Data

Comments Filter:
  • by Anonymous Coward

    Cyber insurance, for lack of a better word (shudder), is going to be big. It has to, given the number of attacks going on there is too much profit potential. As the products mature it will be interesting to see if the actuaries consider more fine-grained factors for pricing like:
    - Will the standard policy end up disclaiming phishing attacks altogether?
    - Will premiums vary significantly by the amount of equipment/software installed per vendor's security reputation? i.e. much higher premiums for Microsoft

  • Can concur (Score:5, Insightful)

    by RevDisk ( 740008 ) on Monday March 07, 2016 @10:56AM (#51653389) Journal
    Know of a couple companies getting hit by this very attack. Zero technical aspect, just straight social engineering. "Hey, it's (CEO), do me a favor and send me a zip of all the W2s. I need this right away" or similar. Usually with forged email headers, but sometimes with similar domain names. One used a capital i instead of an L, which was admittedly hard to spot for an average user. They wanted an ACH transfer, which was odd enough it immediately rung warning bells everywhere. Some folks catch it, some don't.

    Talk with your finance and HR folks, schedule training. They're going after W2's for fraudulent tax returns. Places where I do security, we routinely register or blacklist lookalike domains, set up mail servers to be resistant to spoofing/manipulation, multi stage filtering, etc. Nothing will trump good training for the users.
    • by Anonymous Coward on Monday March 07, 2016 @11:31AM (#51653571)

      "Hey, it's (CEO), do me a favor and send me a zip of all the W2s. I need this right away"

      This is why encryption and signing should mandatory best practices. If your boss ever does send unsigned requests of that nature, or accepts unencrypted replies containing sensitive data, then he should be held responsible. (This is 1990 level tech we're talking about here. After a quarter of a century, you are expected to know how to handle it.)

      And then if the boss does things right but the underling does wrong (by accepting unauthenticated requests and replying without encrypting with the boss'public key) then you hold them responsible. Got phished? Get fired. But it only makes sense to have such a policy, when the employeee already knows that their bosses emails are signed.

      C'mon, CEOs, it's the mid 1990s and finally time to learn how to use email in your organization. You are negligent if you aren't doing it, and the people you do business with are negligent if they aren't doing it.

      • Bosses would be safer if they expected themselves to follow the rules.
        In the army you will not be demoted as a lowest rank soldier for asking any officers their credentials.

        In a company most of the security teams/managers expect bypasses in chain of commands when rules goes from top to bottom.

        This social engineering attack known since Mitnick is purely exploiting a simple corporate culture bug. And now it is showing consequences at higher levels.

        Well, managers should be held responsible and liable for their

      • by RevDisk ( 740008 )
        I don't disagree, but reality can be more complex than mere technical issues.

        Encrypting the data with strong crypto is very good, but what happens if the password picked is trivial?
        If a computer is hijacked with malware, it is possible to use a person's actual email utility and compromised passphrase.


        Technology is always a good thing, but it is no substitute for competent, well trained employees.
        • by KGIII ( 973947 )

          The biggest security hole (and also potentially greatest asset) is seated in the chair.

  • If it was that easy to pass yourself off as the CEO, why not just say "I want to cash in some of my savings plan. Send it to account XXXXXXXXX. And while your at it, drop the price on all our drives by 65%!"
  • This is why you have boring polices and procedures to make requests between departments, instead of just doing someone's boss a favor.

    I'm glad I work in a company with a strong culture of telling management to fuck off with their out-of-channel requests.

  • A W2 tax from shows the amount of taxes withheld from your paycheck. It's used to file your taxes.
    https://turbotax.intuit.com/ta... [intuit.com]

    I presume the article refers to this data. Does anyone have any idea what the scammers can do with this?

    • by kinko ( 82040 )

      A W2 tax from shows the amount of taxes withheld from your paycheck. It's used to file your taxes.
      https://turbotax.intuit.com/ta... [intuit.com]

      I presume the article refers to this data. Does anyone have any idea what the scammers can do with this?

      presumably they can file and claim your tax refund when they have enough information to impersonate you? Especially if they file before you get around to doing it yourself...

      • by JazzLad ( 935151 )
        One of many reasons to file by the first week of February (companies have until 1/31 to mail W2s & Mortgage paperwork, Wells Fargo always waits until the end to mail my mortgage papers or I'd be filed by mid Jan - maybe I can get this online, I haven't looked).

No spitting on the Bus! Thank you, The Mgt.

Working...