BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Elite Russian Hackers Claim To Have Breached Three Major U.S. Antivirus Makers
School Lunch Business Rivalry Leads To Hacking Charges
Cybercriminals Steal $1.75 Million From An Ohio Church
Ransomware Hits Yet Another U.S. Airport
A Free Wi-Fi Finder App Exposed Passwords To Millions Of Networks
A Ransomware Attack Knocked The Weather Channel Off The Air
Edit Story
ForbesInnovationCybersecurity

756,000 Warned As L.A. County Workers Fall For Phishing Attack

Lee Mathews
Senior Contributor
Opinions expressed by Forbes Contributors are their own.
Observing, pondering, and writing about tech. Generally in that order.
Following
This article is more than 7 years old.

Phishing remains one of the biggest threats to our security. Case in point: a phishing campaign launched earlier this year against County of Los Angeles staffers successfully tricked more than 100 into handing over their usernames and passwords.

108, to be exact. A single successful phish can cause enough problems, but 108? That's a disaster.

The victims worked in a number of different departments: the assessor's and chief executive's office, children and family services, child support services, health services, human resources, internal services, mental health, probation, public health, public library, public social services and public works. Nearly half of all the County's departments were compromised.

The attacks took place in mid-May, just two months after the county's Department of Health Services was targeted by a similar attack that left systems infected with ransomware. Waiting seven months to inform potential victims isn't a great way to handle a breach, but officials were concerned that coming forward sooner may have compromised efforts to discover the perpetrator.

Hackers made off with a treasure trove of personally identifiable information (PII): names, addresses, phone numbers, dates of birth, social security and driver's license numbers, payment card and bank account information, medical treatment  histories, and insurance information. It's the stuff of identity theft nightmares.

Their waiting may have paid off, at least in one way: charges have been filed in this latest case. A warrant has been issued for the arrest of Austin Kelvin Onaghinor, a Nigerian national. Nigeria has been a hotbed for phishing scams for ages and popularized so-called 419 scams.

International law enforcement has been cracking down in recent years, however. Just this August, authorities arrested a 40-year-old known by the alias "Mike" who was in charge of a $60 million fraud operation. Last summer, six Nigerians were extradited to the U.S. to face a litany of charges including wire fraud, bank fraud, and conspiracy to commit identity theft.

Lee Mathews
Lee Mathews