Recently, we’ve covered a study conducted by the Pew Research Center that concluded only 54% of Americans were able to identify a phishing attack, one of the most popular weapons cybercriminals use to attack. Media giant Gannett Co, a company that owns over 100 news outlets, including USA Today, has recently been hit with an email phishing attack in which as many as 18,000 employee accounts may have been compromised – safety is never guaranteed.
Gannett’s security breach
On March 30, Gannett discovered that the email accounts of several Human Resources staff members were attacked. The company put its cybersecurity team in charge of investigating the occurrence, and it has been found that sensitive personal data, including dates of birth, bank account information, social security numbers, salaries, and benefits may have been accessed, according to the International Business Times. There is no evidence this type of information was taken.
The attack was discovered after the hacker attempted to use a hijacked account for a fraudulent corporate wire transfer – an unsuccessful attempt that was identified by the company’s finance team.
Some of the company’s employees tweeted about the data breach as the news started surfacing:
Lololol just got notice of a data breach in Gannett's HR department pic.twitter.com/N5eeT65xa2
— Amanda Coyne (@AmandaCCoyne) May 2, 2017
Gannett claims it has now notified federal law enforcement, and that no customer account information was affected. The company added that all 18,000 employees will be notified of the attack via the U.S. Postal Service. A free credit monitoring service will be offered to current and former employees, as their data could have been compromised as well.
This isn’t the first time a major company’s department has fallen for an email phishing scam. According to the International Business Times, both Facebook and Google have in the past been tricked into paying a Lithuanian hacker over $100 million between 2013 and 2015.
The incident comes right before Google Docs users received an email in which someone invites them to share a document. Those who click on the link can give hackers their information, without realizing it, as this is a massive phishing scam. Google has already taken action to protect its users.
Phishing emails often carry malware
In these two recent attacks, hackers seem to be after valuable data that can be sold on the dark web for a hefty sum of money. Nevertheless, according to cybersecurity firm Barkly, ransomware often carries malware, as the main delivery vehicle for malware were email attachments.
Moreover, in March 2016, 9 out of 10 phishing emails carried ransomware, according to the same source. These numbers, along with the high-profile attack on Gannett, just show that cybersecurity awareness is a necessity. Verizon’s 2017 Data Breach Investigation report also found that 43% of breaches utilized phishing schemes, in both financially motivated attacks and cyber-espionage.
In order to stay safe, always be cautious with links and attachments, and thoroughly check suspicious emails from unknown senders. Typos, for example, are a huge red flag. When possible, use multi-level authentication.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.