Home Security
PC Matic
PC Matic VPN
More Products
Support Unlimited
Identity Theft Protection
PC Magnum
Threat Awareness
How PC Matic Protects You
SuperShield Whitelist
Compare PC Matic
Norton
McAfee
Avast
AVG
Business Protection
PC Matic Pro
PC Matic MSP
Solutions
Allowlisting
Script Enforcement
Device Control
Patch Management
Remote Tools
Integrations
Server Security
Learn More
Resellers
Affiliates
Resources
Case Studies
Compare PC Matic Pro
ThreatLocker
Airlock Digital
VMware Carbon Black
AppLocker
For Federal
Partner Programs
Managed Service Providers
Channel Partners
Affiliate Partners
OEM Partners
Resource Center
All Resources
Case Studies
Data Sheets
User Guides
White Papers
Blog Resources
PC Matic Blog
Business Security
Home Security
Cyber News
Scam Alerts
Customer Service
Home Support
Business Support
Learn More
Getting Started
Knowledgebase
Tech Support Scams
Fake Virus Scams
Tools & More
Ransomware Center
Internet Speed Test
PC Matic
About
Careers
Learn More
Industry Recognition
Leadership
Commercials
Stay Up-to-Date
Newsroom
Blog
Events
TechTalk Podcast
Home Customers
My Account
PC Matic App
Add a Device
Renew Subscription
Business Customers
Business Login
Business Support
Search

California Breach All Too Familiar Story

A Phishing Attempt That Worked

An unknown hacker gained access to the California Controller’s Office March 18th and 19th. The access was granted unknowingly by an employee clicking on a link in an email. The employee then entered a user name and password onto the site, giving the “unauthorized user” access to personal information contained in unclaimed property holder reports.

The hacker sent emails to 9,000 other and their contacts. They also gained access to the personal information of thousands of state workers. Information included social security numbers and other sensitive data.

This is all too common of a story, although kudos to the California Controller’s Office for being so swift and transparent in their reporting. They’ve already contacted everyone affected and warned them of the potential of more phishing attempts. For those whose information was breached, they’ve also been alerted.

The Alternative

But this breach could have been avoided had the employee simply not clicked the link. There is plenty of information on how to spot phishing emails. Even then, there are common sense practices in the workplace to avoid becoming a victim. Unfortunately, there is still a lack of education for most employees.

The onus is on employers to educate staff. There’s no reason not to. Even if your business doesn’t have a budget for cyber safety education, there is endless information out there. You too can be cyber savvy.

Phishing attempts are becoming better. I’ve seen some pretty convincing ones as of late. However, there is a Golden Rule. Check twice.

In the instance of the California Controller’s Office, the employee could have gone directly to the website. If that wasn’t an option, they could have checked with a supervisor or other employee on whether this request had a basis. Finally, they could have alerted someone that this came through and they weren’t going to click the link then waited for confirmation from a superior. Any of those options would have saved the victims from having their information accessed.

Can you spot a phishing attempt? Do you know how they come in? What security measures are you taking to protect yourself and your employer? Let us know in the comments or on our socials.

And stay safe out there.

Photo by Christopher Gower on Unsplash

Stop Responding to Threats.
Prevent Them.

Get Protected

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles