The Washington Post recently reported that the online payroll firm Paychoice experienced a security breach on September 23. The hackers were able to get sensitive account information as a result of this breach.
The old Hack’em and Phish’em technique
According to an email sent out by the company on September 28 to their customers, the hackers were able to get e-mail addresses, login IDs and parts of passwords for user accounts at OnlineEmployer.com. The hackers almost immediately crafted phishing messages to trick customers into revealing the remainder of their passwords. Customers told the Washington Post that they received phishing emails telling them to download a plug-in so they could continue using the OnlineEmployer.com site. The emails used the recently pilfered customer login username and partial password. The plug-in was actually a password-stealing Trojan. Affected customers are worried they may have had other passwords or sensitive data compromised.
Investigation is ongoing
Meanwhile, Paychoice has taken other steps to notify customers about this phishing scam and they continue to investigate.
Prevent phishing attacks
Mailprotector’s email security services help mitigate phishing attacks as well as other email-borne attacks. If you’re not already using our services then you should give us a try.
