Oh Snap! The Lesson Learned from the SnapChat breach

The Deets

In case you haven’t heard, here’s the quick lowdown on what happened with SnapChat this week:

  • The SnapChat payroll department received an email from the “CEO” asking for employee information
  • When the CEO emails you for information — you don’t think twice.  The SnapChat Payroll Department gathered personal information and sent it over to the CEO. Boom! Mission Accomplished, right??
  • Wrong!  It wasn’t really the CEO — it was a phishing scam – daaaamn! Oh Nooo!
  • But, don’t worry – Your snaps are safe.

You can read the details here.  You can also read the SnapChat employee apology here.

Here’s how this affects YOU:

If an employee at a tech-based company can be phished, so can you. This breach wasn’t a super high tech hacker attempt.  It was very simple: the email “From” address really looked like it came from the CEO. Simple, right?  You may be asking yourself, “How did they get this information?”  It’s not too hard with LinkedIn or any other social media sites that can be used to piece information together.

If you ever receive an electronic request or even a phone call asking for personal information from work or from a friend, here are some tips for you:

  • If you receive an email: Check the “From” address field.  Does it look like a legit company or personal email address?  If it’s a phone call, take down a callback phone number and ask for other contact information such as an email and a last name.
  • If so, then send a new email (do not reply to that same email) asking the requester if they really did send you the request.
  • If you are being asked to send personal information like social security numbers, phone numbers, passwords, etc., then ask “Why?” and get a manager involved.
  • A company should never ask employees to transmit such personal information in an Excel file, an email, or by any means that does not have an extra level of security.  So, if you’re still in doubt, get the IT department involved and your manager.
  • Read your work’s IT Policy.  There will be information about the do’s and don’ts.

Hope this helps explain what the big deal was over at SnapChat — stay #SOSOTECH SAFE out there on the World Wide Web!

 

 
