Reddit Phishing Scam - The Latest Victim of a Spear Phishing Attack

Reddit Phishing Scam

Reddit Phishing scam is the most recent data breach in recent weeks, where an employee was unfortunately deceived by a highly sophisticated and well-targeted spear phishing attack.

According to Reddit, the attacker behind the data breach set up a website that mimics the company's intranet gateway to send out highly-targeted phishing emails to unsuspecting Reddit employees. Once these credentials were obtained, two-factor authentication tokens were also stolen for further malicious intent.

Reddit notified its users to explain exactly what happened during the phishing scam but only revealed a few details. However, it did mention that the attacker managed to access "some internal docs, code and some internal business systems.

Since the update does imply that only one employee fell victim, there are some assumptions about the breach.

  • The culprit had some knowledge of how Reddit works internally - The fact that the hacker could replicate an internet gateway highlights their familiarity with how gateways look and feel and how Reddit employees use it.
  • The attacker may have been an Initial Broker - Despite gaining access, they mention that no production systems were damaged. As of this, it could be presumed that the hacker was after gaining a foothold within Reddit rather than penetrating more sensitive systems and data.
  • Specific victims were targeted that had desired access - With the prior knowledge of the intranet, it could be believed that the attacker targeted users with particular roles within Reddit. By the way, the company addressed what the attackers gained as "code". It can be assumed that the goal was to infiltrate developers or someone on the product end of the business. 

Conclusion Of the Reddit Phishing Scam  

From the Reddit Phishing attack, there are key takeaways to ensure that your company does not fall to the same fate. Ensure that 2-factor authentication (2FA) is used on anything your company uses to give that extra level of security. It is better to have one than not have one at all.

It is also important to highlight that in the Rediit Phishing scam, the employees played a role in the breach, so staff must know what to do if a breach happens. Reddit explained how "soon after being phished, the affected employee self-reported, and the security team responded quickly, removing the infiltrator's access and commencing an internal investigation." Mistakes happen, but how they are resolved is the most crucial part.

Silver Lining can help you and your employees stay educated on keeping themselves secure with our cyber security management. We can offer a wide range of tools, from Simulated phishing campaigns to see where a breach would happen and Security Awareness Training. To find out more, please hit the link below to our Cyber Security Management page.

Equally, do not hesitate to get in touch with us by calling  0345 313 1111 or emailing us at info@silver-lining.com

Cyber security Threats 2024

Cyber Security Management

Give your employees the tools they need to become a powerful shield of protection for your business.
Learn More
silver-lining-logo
© Silver Lining Convergence Ltd
Registered Company Number: 06212357
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram