this post was submitted on 13 Jan 2024
130 points (97.8% liked)

Framework Laptop Community

[–] DavidGarcia@feddit.nl 49 points 10 months ago

they have been demoted to a bccountant

[–] SpaceNoodle@lemmy.world 40 points 10 months ago

Good on them for catching it early and handling it properly, but I'd be firing that accounting firm.

[–] NotATurtle@lemmy.dbzer0.com 31 points 10 months ago (1 children)

Weird that anti-phishing training isn't a normal requirement for people working with sensitive information.

[–] Tak@lemmy.ml 24 points 10 months ago (2 children)

Even if they take the training, it's often not regular, not enforced, and generally encouraged to ignore.

[–] ShadowCatEXE@lemmy.world 18 points 10 months ago

It is unfortunate. The company I work for enrols all employees in training that takes place every month or so (regardless of your role). They also send out fake phishing emails every so often, and those who interact with them are automatically enrolled in additional training. Stats are anonymous, but apparently interactions with those fake phishing emails have drastically reduced. Training absolutely helps, but it needs to be consistent to keep security on everyone’s mind.

[–] halcyoncmdr@lemmy.world 7 points 10 months ago

This is exactly the case. It's not continuous training. It's often one-time training at hire, then never mentioned again until something happens, like this.

https://youtube.com/shorts/VAWwtjtRM98?si=bBJlan5KAI7ihwlO

Phishing and Social Engineering attacks can target anyone in a company. Everyone needs consistent training to keep it in their mind and not become complacent.

[–] SatyrSack@lemmy.one 14 points 10 months ago (1 children)

I changed my password before actually reading the article:

On January 11th at 8:13am PST, the accountant responded to the attacker and provided a spreadsheet with the following information: Full Name, Email Address, Balance Owed.

[...]

As part of a subsequent investigation, the company identified all customers whose information was exposed in the attack and notified them of the incident via email.

[–] ArcaneSlime@lemmy.dbzer0.com 5 points 10 months ago (1 children)

So if I didn't get an email I'm good? Because I didn't get an email.

[–] Baaron87@lemmy.world 1 points 10 months ago (1 children)

This is something I would like to know as well. I have an open preorder at the minute and haven’t received anything. These articles are how I found out. Best practice for now is to change your password and pay attention to the payment method on file for unauthorized transactions.

[–] ArcaneSlime@lemmy.dbzer0.com 2 points 10 months ago

Same. At least I use unique passwords.

[–] Gabu@lemmy.ml 6 points 10 months ago

Learned from one of their more vocal investors

[–] JCreazy@midwest.social 6 points 10 months ago