Got a Phishing Email with Information That Was Acquired from an Ex-Employer, What Do I Do?

So I received a phishing email recently. However, this phishing email was a bit different from other phishing emails: it seemed very targeted, and based on who they were impersonating and the information they already had about me, I could tell that the only way they would have gotten this information was from a previous employer of mine.

To be a bit more specific, without identifying who that employer is:

The phishing email was impersonating a previous employer of mine, specifically someone from senior management, and was talking to me as if I was a current employee there. The email got sent to my personal email (instead of my former work email). The only way that I can think they got this information was from information on internal systems of that employer.

The phishing email address used was not that of my former employer; it came from a @blueyonder.co.uk address (never heard of this before).

I tried reaching out to the former employer, and they seem to be aware of phishing emails being sent out impersonating their staff, but they don't want to comment on whether any of their internal systems got breached or leaked, or specifically what got acquired.

I guess my big concern is whether my personal information got leaked, and how much of it got leaked. Is there a way of finding this out from my former employer? Is there a way that I can ensure the former employer is taking appropriate action with my data? What should I do in this case?

edit:
- I've had confirmation from some other employees & ex employees that they received a similar email
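Worked example added by the editor, not code from the original post or from any tool mentioned in it: a small Python check for the pattern described above (a senior manager's name in the From display name, a sending domain unrelated to the employer, and an "are you available?" lure sent to a personal address). The organisation name, the domains, the staff list and both sample messages are constructed assumptions, not data from the thread.

```python
"""Flag inbound mail that carries a known senior staff member's name in the
From display name while coming from a domain the organisation does not own.
Added example; every name, domain and message here is constructed."""
from dataclasses import dataclass, field
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical organisation data (assumptions for the example).
ORG_NAME = "example corp"
ORG_DOMAINS = {"example-corp.com.au"}
SENIOR_STAFF = {"jane citizen", "raj patel"}   # people most often impersonated
LURES = ("are you available", "do you have a moment", "are you free right now")


@dataclass
class Verdict:
    display_name: str
    sender_domain: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def _norm(text: str) -> str:
    """Lower-case, drop commas/full stops and collapse whitespace."""
    return " ".join(text.lower().replace(".", " ").replace(",", " ").split())


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _body_text(msg) -> str:
    """Return the plain-text body, whether or not the message is multipart."""
    if msg.is_multipart():
        parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
                 if p.get_content_type() == "text/plain"]
        return " ".join(p.decode("utf-8", "replace") for p in parts)
    payload = msg.get_payload(decode=True)
    return payload.decode("utf-8", "replace") if payload else ""


def assess(raw_message: str) -> Verdict:
    """Score one raw RFC 822 message against the impersonation pattern."""
    msg = message_from_string(raw_message)
    display_name, addr = parseaddr(msg.get("From", ""))
    verdict = Verdict(display_name=display_name, sender_domain=_domain(addr))
    named_exec = _norm(display_name) in SENIOR_STAFF
    external = verdict.sender_domain not in ORG_DOMAINS

    if named_exec and external:
        verdict.reasons.append("senior staff name on a non-organisation sending domain")
    # A Reply-To pointing at yet another mailbox is a second, independent signal.
    for _, reply_addr in getaddresses(msg.get_all("Reply-To", [])):
        if _domain(reply_addr) != verdict.sender_domain:
            verdict.reasons.append("Reply-To domain differs from From domain")
    subject = _norm(msg.get("Subject", ""))
    text = _norm(_body_text(msg))
    if external and subject == ORG_NAME and any(lure in text for lure in LURES):
        verdict.reasons.append("company name as subject plus an availability lure from outside")
    return verdict


# Constructed sample messages: one mimicking the pattern, one legitimate.
PHISH = """From: Jane Citizen <jane.citizen.ceo@external-isp.example>
Reply-To: jane.citizen.ceo@another-mail.example
To: whitepuma@personal-mail.example
Subject: Example Corp

Hi, are you available at the moment? I need a quick favour.
"""

LEGIT = """From: Jane Citizen <jane.citizen@example-corp.com.au>
To: staff@example-corp.com.au
Subject: Q3 planning

Agenda attached for Thursday.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        v = assess(raw)
        print(label, "suspicious" if v.suspicious else "clean", v.reasons)
```

The check deliberately keys on the combination (known name plus foreign domain) rather than the domain alone, so ordinary mail from outside contacts is not flagged; a mail gateway rule of the same shape is what the former employer would normally put in front of its own staff, and it is the kind of rule that also catches the replayed-thread variant one commenter describes further down.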

Comments

  • +15

    These days, it's best to assume ALL your information has been leaked by everyone.

    • +1

      Although I do agree that a lot of our info is online, surely there are some sort of privacy laws that employers need to stick to. Or in the event of something being leaked, surely they should have an obligation to let people know.

      • +5

        Did you tell your MPs this when they asked in the most recent privacy review? Or before the last election?
        Because big business certainly told them those kind of rules were beyond the pale, an impossible drag on business, and individuals weren’t that concerned anyway.
        We have the Australian Privacy Principles, but no mandatory breach notification, and the Privacy Commissioner (which has been unfunded for years) has never prosecuted a single cyber breach.

  • +6

    If there's been a breach, they're required by law to tell you about it and what information was leaked. If you've contacted them and they won't confirm or deny (basically a confirmation IMO), and you're of the belief there has been a breach and they won't tell you, then you can make a complaint to the OAIC, though I've no experience with how they handle it or what the outcome for you or them could be.

    • +1

      I don’t believe there is any obligation to tell you about a breach unless they believe the breach might cause you serious harm.
      Nobody has ever been prosecuted for failing to notify.
      https://www.oaic.gov.au/privacy/your-privacy-rights/data-bre…

      • +1

        Define "serious harm". Who decides if it may cause serious harm? If we just accept it, then no progress is going to be made. If we complain, then there's at least some hope of the laws being strengthened, and perhaps more importantly, actually enforced.

        • +2

          That's part of the problem: I can't determine if it will cause "serious harm" if the employer doesn't say what got leaked.

        • +1

          The business decides if serious harm is likely.
          Note that now Optus and Medibank have scattered PII everywhere, businesses will be saying: it is unlikely our leak is any more serious than those, so we will just keep quiet.

  • +1

    Sure it wasn't from one of the many healthcare data breaches? i.e. Medibank, 23andMe, etc.

    • I can confirm this ex-employer is not in the healthcare industry.

      • Have you been with Medibank, and have they had the same information access you are assuming is from your ex-employer?

        • I have not been with Medibank.

          • @whitepuma: is the ex employer the only one with the data described in the email? Not a current employer or other healthcare provider?

            If you can prove it's unique data to that ex employer, then you might have a privacy case, but none have ever been acted upon yet :/

            • @7ekn00: correct. The ex employer is the only one with the data described (with the exception of who it may have gotten leaked to).

              no current employer or healthcare provider should have that information.

              I've also heard from some other employees & ex employees from the same company that received the same type of email, not all staff received it though.

  • Sounds like they might just have had access to that staff member's email details? In which case you might be in their address book etc., so it's unlikely they'd have more than the basic details.

    • If that's all it is, I can live with that and probably won't put up a stink… but I want to know what got leaked in case it's more…

  • Is your email in a simple format like [email protected]? There are a few ways people could do this via something like LinkedIn: scrape names for people claiming to work or to have previously worked at a business, and just shoot them out in hopes of getting a bite.

    • That's possible, but other staff & ex-staff received a similar email, and not all of them have a simple format.

  • +3

    Report it
    If different staff with different email hosts have been phished there's a breach.

    https://www.cyber.gov.au/report-and-recover/report
    What industry is it?

    • Only because it will narrow down the search too much, I prefer not to say (unless it becomes public information). What I will say is that it's not from the medical/healthcare industry (as somebody else asked that earlier).

      • +2

        Just report it. (see the link I posted) You are owed an explanation. You won't get it here.

        • Appreciate it, done, cheers.

  • Might it be from when LinkedIn got popped?

    • It's possible.

      Some people suggested they got it from my LinkedIn profile, but unlikely as they also got my personal email which isn't public facing on LinkedIn.

      But if LinkedIn got "popped", then that's possible.

      But like I said earlier, other employees and ex employees got targeted with the same thing.

  • +1

    It's not uncommon for an organisation of scammers to scrape employer/employee data from LinkedIn and perform this exact type of scam - with publicly available information

    I guess the questions are:
    - Are you on LinkedIn, and if so, is your email address on LinkedIn the same one that received the phishing email?
    - Is your email address/profile set to completely private on LinkedIn, or are some of your details available to recruiters and/or third party apps?

    LinkedIn also had a data breach some time back, which could have given them your email address.

    Not saying there hasn't been a leak, but I've heard of these scams before without them.

    • I use my email address to log in to LinkedIn, but it's not public facing… so unless it's from the data breach?

      • Yeah, that might be the case… just double check your LinkedIn profile settings though, because there are 4 options for visibility. 2 & 3 both expose your email address in the case of someone else's account being compromised:

        1. Only visible to me – No one can see your email address.
        2. 1st-degree connections – Only those directly connected to you can see your email address.
        3. 1st and 2nd-degree connections – Only those directly connected to you and those connected to your connections can see your email address.
        4. Anyone on LinkedIn – Any LinkedIn member viewing your profile can see your email address.

  • More likely you haven't updated your LinkedIn profile. Scammers got the info from there and ask you to buy gift cards for someone from the management.

    You know the rule on the internet - trust no one.

    • My LinkedIn is up to date. Doesn't mean they didn't get my info on there, but like I said to a couple of others, many other people at that workplace received a similar thing at the same time, so it seems targeted to that workplace.

      • Make sure you cc email the communications minister along the stages of following up the report you submit. You need meaningful over-watch for your own peace of mind, and it also contributes to changing the parameters of the piss poor cyber security goal posts we have in this country.
        Somewhere in the accountability chain there are several interfaces who know exactly who was exposed to this breach, and how. The govt has allowed this weak response situation to exist for too long. The double Optus breach hit has opened up a chance for everyone to change that weak link acceptance.

  • We have had suppliers at work who have been done over by hackers. Then a month later they (the hackers) start replaying emails, including the original conversation, from similar but fake accounts with malware links embedded or phishing.

  • I received something very similar last Friday, from a blueyonder.uk email address. It purported to be from a senior exec at my current place of employment, the subject line was the name of the company I work for, and the email simply asked if I was available at that moment. Considering it was sent mid-afternoon, and the "sender" is someone that I talk with via Teams and email a couple of times a week, there's absolutely no reason why he'd be emailing me at my home address on a workday.

    At first I assumed someone was trawling Linkedin for info, but it came to a different email address than the one I have on Linkedin. I changed my email address on LinkedIn after the last data breach and it was the old address that this message came to. I just deleted it.

    • Interesting

    • YES! This is exactly what happened with me, except it happened on Tuesday.

      Similar ranking role, subject line was the name of the company, asking if I have a moment, and yes, the sender is someone I would sometimes speak to at that company.

  • Contact idcare.org for advice

  • I’d report the incident to ACORN

    https://www.cyber.gov.au/glossary/acorn

  • LinkedIn premium subscribers (employment agencies) pay more than $100K per subscription to access the LinkedIn database for their head hunting, and they are privy to your details as well as your email and mobile.

    Who knows whether your information has been leaked through one of the recruiter companies? Always remember: don't respond to emails if you are not sure. Since you are vindictive towards your ex-employer, your visual focus is them.

    Recently I got a call from a landline asking me if I am XYZ, and I said NO, I am not; then she started speaking softly and with a sexual tone, asking me if he is available and if I need him. When I mentioned she had got the wrong number, she again tried to push me to speak with her, as if she wanted to hook me on the phone, and thereafter I disconnected the call. These are new scams to get you hooked and scam you later, so be aware of them.

    Thanks

    • Since you are vindictive towards your ex-employer,

      Apologies if it came across that way, but I'm not vindictive towards my ex-employer. I'm just hypothesising that it's my ex-employer that got breached, based on the information shared in their emails. Although some of the information is on my LinkedIn, there were still some things in the email that weren't on my LinkedIn, such as the email impersonating somebody I worked with a fair bit; that's not on my LinkedIn.

  • Report it to the OAIC (they are the independent national regulator for privacy and freedom of information).
