Skip to Content
Security & privacy

Phishing attack hits another huge company

I’m sure that you have heard us warn about the growing number of phishing emails. Scammers go to great lengths to generate emails that appear to be from someone you trust, like your bank or insurance company, hoping to trick you into clicking on a malicious link.

A successful phishing scam can lead to your gadget being infected with malware, or ransomware, or your credentials to multiple accounts being stolen. A major U.S. corporation recently fell victim to one of these hideous scams and we should all be worried.

Is anyone safe from phishing scams?

What we’re talking about is the American media holding company, Gannett. It’s the largest U.S. newspaper publisher and owns the USA Today and 109 local news outlets across the country.

Gannett recently sent a letter to its employees, letting them know that some of their personal information may have been stolen. The company’s HR department was compromised by hackers who gained access to Gannett’s email accounts. The hack was discovered when the criminal tried using compromised email accounts to authorize wire transfers.

The letter to employees said the HR department was a victim of a phishing attack and possible data breach. Employees’ personal information that could have been stolen include work history, bank information and Social Security numbers. The number of potential victims has not been disclosed.

If a major corporation like Gannett can fall victim to a phishing scam, what chance do we as individuals have? Your best chance at staying protected is knowledge. Knowing what to look for is a great defense.

Here are some ideas to stay protected from phishing attempts. Keep reading and I’ll also tell you how to respond after a data breach.

  • Be cautious with links – If you get an email or notification that you find suspicious, don’t click on its links. It’s better to type the website’s address directly into a browser. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn’t what the link claims, do not click on it.
  • Watch for typos – Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos. Typically, there are signs that give away the fact that an email is fake. Can you spot one? Take our phishing IQ test to find out.
  • Do an online search – If you get a notification about something that seems suspicious, do an online search on the topic. If it’s a scam, there are probably people online complaining about it and you can find more information.
  • Use multi-level authentication – When available, you should be using multi-level authentication. This is when you have at least two forms of verification, such as a password and a security question before you log into any sensitive accounts. Click here to learn more about two-factor authentication.

What you need to do after a data breach

  • Investigate your email address  Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
  • Change your password – Whenever you hear news of a data breach, it’s a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
  • Close unused accountsHere’s an easy way to manage all of your online accounts at once.
  • Manage passwords – Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you’re using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.
  • Keep an eye on your bank accounts – You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
  • Check email security settings – Make sure the email account associated with the hacked site has updated security settings.
  • Have strong security software – Protecting your gadgets with strong security software is important. It’s the best defense against digital threats.

More stories you can’t miss:

Millions of smartphones and tablets wide open to hacks

How to spot disguised malicious files before they infect your computer

Do hackers really have millions of usernames and passwords? And should I be worried?

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook