Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Snapchat Suckered by Payroll Phishing Attack

Messaging service Snapchat has admitted that sensitive financial information about some of its employees was phished after a member of staff fell for an email scam.

In a blog post on Sunday, the firm claimed that the phishing attack managed to con one of its employees into revealing payroll information about their colleagues.

“Last Friday, Snapchat’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information,” it revealed.

“Unfortunately, the phishing email wasn’t recognized for what it was–a scam–and payroll information about some current and former employees was disclosed externally. To be perfectly clear though: None of our internal systems were breached, and no user information was accessed.”

Snapchat claims it responded swiftly and aggressively to the incident, notifying which employees were affected and offering them identity theft insurance and monitoring for two years.

“When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong,” the firm admitted.

“To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks. Our hope is that we never have to write a blog post like this again.”

Wieland Alge, EMEA general manager at Barracuda Networks, explained that phishing attacks are becoming increasingly difficult to detect.

“HR and payroll are flooded with emails containing all types of attachments and they are encouraged and even obliged to open them. IT security teams must implement countermeasures against targeted attacks against this channel,” he added.

“At the end of the day, all businesses have a duty of care to ensure that they have robust security systems in place to protect their own and their customers’ data. If they fail to do so, they are rolling the dice when it comes to their reputation and ultimately long-term survival.” 

What’s Hot on Infosecurity Magazine?