[CyberSecurity] Increased Levels of Data Breaches Driven by W-2 Phishing Scam

McCrary, Barbara bmccrary at osrhe.edu
Mon Apr 10 09:50:09 CDT 2017


Thank you for being a part of OneNet's cybersecurity listserv. Please share our listserv information with those in your organization who can benefit by receiving this information. Just have them subscribe by sending their request to communications at onenet.net.

If you have cybersecurity information to share with the OneNet community, please do not hesitate to post by sending your responses or posts to cybersecurity at lists.onenet.net.

The following information is from the MS-ISAC on W-2 phishing scams and Business Email Compromise scams. It is especially important for our K12 schools.

Due to the substantial increase in W-2 phishing scams, the number of reported data breaches in the first quarter of 2017 already exceeds 80 percent of the total number of data breaches reported in 2016. Based on the 2016 pattern, the MS-ISAC expects that this scam will decrease in frequency but continue to occasionally target state, local, tribal and territorial (SLTT) governments after April 2017.

* In 2016, the MS-ISAC identified 68 data breaches, seven of which were related to the W-2 phishing scam.

* In the first quarter of 2017, the MS-ISAC has already identified 55 data breaches, 37 of which were related to the W-2 phishing scam. Of note, K12 schools accounted for 54 percent of reported phishing-related data breaches in 2017 to date.

The MS-ISAC has identified several other variants of BEC scams targeting SLTT, including the variant where the impersonated or compromised senior executive account requests that a wire transfer be issued. These variants do not result in data breaches, but are worth noting, as any training or awareness activities should include the wire transfer variant.

Key indicators of BEC scams include short, poorly written messages purportedly from smartphones, spoofed email addresses, requests made when the executive is out of the office, and unusual requests.

Best,

Barbara McCrary
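
Added example, not part of the original message or of MS-ISAC's advisory: a minimal Python triage check that tests an inbound message against the BEC indicators listed above. The organisation domain, the executive name list, the out-of-office set, the 40-word threshold and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.edu"            # assumption: the organisation's mail domain
EXECUTIVES = {"pat superintendent"}   # assumption: display names of senior staff
REQUEST_RE = re.compile(r"\bw-?2s?\b|\bwire transfer\b", re.I)
MOBILE_RE = re.compile(r"sent from my \w+", re.I)

def domain(addr):
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw, out_of_office=frozenset()):
    """Return which of the listed BEC indicators a raw message matches."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload()
    name = name.strip().lower()
    hits = []
    # Executive display name on an address outside the organisation.
    if name in EXECUTIVES and domain(addr) != ORG_DOMAIN:
        hits.append("spoofed-sender")
    # Replies silently diverted to a different domain.
    if reply and domain(reply) != domain(addr):
        hits.append("reply-to-mismatch")
    # Short message carrying a smartphone signature.
    if MOBILE_RE.search(body) and len(body.split()) < 40:
        hits.append("short-mobile-message")
    # W-2 or wire transfer request, the two variants named above.
    if REQUEST_RE.search(msg.get("Subject", "") + " " + body):
        hits.append("unusual-request")
    # Caller supplies who is currently away (e.g. from a calendar export).
    if name in out_of_office:
        hits.append("executive-out-of-office")
    return hits

# Constructed sample messages for illustration only.
SAMPLE_BEC = """\
From: Pat Superintendent <pat.super@mail-example.test>
Reply-To: pat.super@freemail.test
To: payroll@example.edu
Subject: W2 request

Kindly send me all staff W-2 in pdf asap, i am in meeting.
Sent from my iPhone
"""
SAMPLE_OK = """\
From: Payroll Office <payroll@example.edu>
To: staff@example.edu
Subject: Timesheets due Friday

Please submit timesheets by Friday noon.
"""
```

A message that matches several indicators at once is a candidate for out-of-band verification with the named executive before anyone replies.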