Ride the Lightning

Snapchat Employee Falls for CEO Phishing Scam: Uh-oh!

March 1, 2016

On February 28^th, Snapchat posted "An Apology to Our Employees." It seems that one its employees fell for a phishing scam and revealed some payroll information about the company's employees. The good news was that the servers were not breached and users' data was unaffected. The bad news was that a number of employees had their identities compromised.

Snapchat's payroll department was targeted by an isolated e-mail phishing scam in which a scammer impersonated its Chief Executive Officer and asked for employee payroll information. A classic CEO scam e-mail. It fooled an employee who disclosed payroll information about some current and former employees.

Within four hours of the incident, Snapchat confirmed that the attack was an isolated incident and reported it to the FBI. It contacted the affected employees and offered them two years of free identity-theft insurance and monitoring.

As readers may recall from previous posts, I am not particularly a Snapchat fan. However, Snapchat's response to the incident was swift. It called in the FBI and wrote – and posted – a very transparent note. To the extent it could, it protected its employees.

It deserves some praise for the thoughtful concluding paragraph as well:

"When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong. To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks. Our hope is that we never have to write a blog post like this again."

Well done Snapchat – and a hat tip to Jen Kubal for passing this along.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson