Cybersecurity has to be a primary concern for anyone online today. There are always new threats being discovered and new strategies that are used to steal personal information and other critical data. You might have heard about the recent data breaches in major companies, such as Facebook, Panera, and Under Armour. To avoid the making the same mistakes, it is important to learn how these companies fell victim to online predators. The capabilities of these attackers continue to increase every day and we all need to stay informed on the best ways to navigate the dangerous waters of the web.
IRS W2 Tax Season Scam: At the start of 2017’s tax season, a spear-phishing attack made the rounds and compromised the personal data of over 100,000 employees at over 100 companies. Cybercriminals used fake emails to ask for personal data for tax purposes. The emails were constructed to appear as if they came from a trusted source of corporate executives.
Google Docs: In May 2017, a phishing scam targeted over 3 million employees on the Google Docs platform. Fake email invitations were sent out to ask for editing. When the employees opened the messages, they were shifted to a third-party app. This shift allowed hackers to get into their Gmail accounts.
Facebook and Google: The actions of one man, Evaldas Rimasauskas, resulted in two of the largest corporations in the world being taken for $100,000,000 each. This hacker used phishing emails to convince employees to wire money into overseas bank accounts that he controlled. He has since been arrested by the U.S. Department of Justice.
Amazon Prime Phishing Attack: Hackers used social engineering techniques to make customers believe they were getting legitimate deals during Amazon’s Prime Day. Once the shoppers followed the false link, the transaction would show as incomplete. Then, the fraudulent web page would request information like credit card numbers and checking account data.
Chipotle: A group of cybercriminals sent emails filled with malware to the employees of Chipotle, luring them to enter personal login information. Through these email addresses, they were able to steal millions of customers’ credit and debit card data.
A House of Cards: This attack might go down as the worst of 2017. A Ukrainian FinTech company, MeDoc, experienced a security breach. Its network was infected with malware. From there, the infection spread across the globe and contaminated hundreds of business in India, Europe, Russia, and the United States. The full consequences of this attack are still being tallied.
This is a short list of some of the most devastating phishing scams of 2017. These summaries don’t even go into all the real consequences. All this stolen data from payment cards and social security numbers will take months, if not years, to recover from. Social media platforms and emails present vast opportunities for threats and hackers to steal your identity. Social engineered attacks can often look just like social media marketing or legitimate emails.
Businesses need to work with their IT departments and protection providers to educate their employees on how to look out for these threats and scams. Unfortunately, we all need to be more aware of the dangers that social media sites represent today. There is no shortage of threats out there, and it is going to take a communal awareness to protect ourselves.