Tuesday 8 March 2016

Phishing Scam Exposes Seagate Employee's Data

Phishing Scam Exposes

Phishing Scam Exposes Seagate Employee's Data.

According to the reports of Brian Krebs, copies of W-2 tax forms for thousands of current and former Seagate employees has been emailed to phishing scammer.

On 1 March 2016, this incident took place. A spear-phishing email received by the Seagate employee that look totally genuine and like a legitimate internal company request. That email asked for a large number of current and past employees W-2 tax forms.

After receiving this email, the Seagate Staff member replied that email with requested all the files and after that he gets duped.

When Seagate found about this issue, they directly send notification letters to all the affected parties and informed to the authorities regarding the same. Former Washington Post reporter Brian Krebs was the first who made the incident public on his blog, he mentioned such a letter which was received by one of the former Seagate employees.

Seagate spokesperson Eric DeRitis said,

"Around only less than 10,000 of the W-2 forms for thousands of current and former employees have been exposed," “When we learned about it, we immediately notified federal authorities who are now actively investigating it. We deeply regret this mistake and we offer our sincerest apologies to everyone affected. Seagate is aggressively analyzing where process changes are needed and we will implement those changes as quickly as we can.”

About W-2 tax forms:

This kind of fraud is becoming extremely popular from the past year. W-2 is a kind of tax forms where the information about the employee's wage and salary is stored. It also includes the state and other taxes withheld from paychecks, the amount of federal, employee's Social Security Number (SSN) and also the basic information like home address, contact information etc. These all details are enough for any scammers to achieve their tasks and they can file fraudulent tax returns on the behalf of each victim. It's become the favorite method of siphoning cash from people.

According to the IRS report in last year, there was an incident when the attackers have accessed over 390,000 IRS accounts of users, and also they have done the same thing, like tried to file fraudulent tax returns.

It was found in the starting of February 2016, for 464,000 US taxpayers some unknown has tried to generate E-filing PINs, but the person was able to obtain 101,000 PINs only. That PINs could have been used in fraudulent tax returns.

Scott Gordon, COO at FinalCode, a file security company said that 

"The Seagate phishing scam is a great example of how difficult it can be to identify and defend against such targeted schemes. In this case, it's likely that an electronic digital rights management solution could have helped maintain data privacy, Using the proper controls for data access would ensure that the file owner maintains control of the data, even after it was mistakenly sent. Certainly, having the capability for remote deletion would have been useful too."

The same look like incident happens a week before when a Snapchat employee was fooled by some email and he revealed the payroll information of some of its employees. Maybe the same scammers tried this also, the same spear-phishing trick.


Post a Comment

Note: only a member of this blog may post a comment.

Toggle Footer