Ransomware may get all the attention, but phishing scams are alive and kicking with one recently targeting staffers at the County of Los Angeles.
According to a report in Forbes, a phishing scam tricked employees of the county into handing over their usernames and passwords. The scam affected 108 staffers, with the victims working across the county including in the assessor’s and chief executive’s office, children and family services, child support services, health services, human resources, internal services, mental health, probation, public health, the public library, public social services and public works, reported Forbes, noting close to half of the county’s departments were impacted by the phishing attack.
According to Forbes, the attack happened in the middle of May and followed on the heels of an earlier hack of the county’s department of health services. In that case, the systems were hit with a ransomware attack. The report noted that officials waited months to inform the public about the second breach because they didn’t want to compromise the investigation into who was behind the scam. Scammers stole a treasure trove of data including names, addresses, phone numbers, dates of birth, Social Security numbers, drivers’ licenses, payment cards information, bank account information, medical treatment histories and insurance information, noted the report. A warrant in the case has been issued for Austin Kelvin Onaghinor, a Nigerian national.
While this phishing scam happened several months ago, during the holidays this types of fraud tends to increase. According to the Kaspersky Lab’s Black Friday Threat Overview 2016 report, during the holidays the number of phishing incidents increases. Over the past few years, researchers have noted that the peak season for sales can also be a peak busy season for cybercriminals.
“While eCommerce customers are anticipating big sales, retailers are preparing for increases in store visitors, and financial infrastructures are getting ready for a huge increase in transactions; cybercriminals are preparing, too,” Kaspersky Lab said in a statement.