The 1999 cult hit “Office Space” hilariously lampooned corporate culture, its numbing mundanities and soulless assaults on the dignity of everyday employees.
But more recently, in a scheme that looked a lot like the movie’s key plotline, it appears to have inspired one man in Washington state to steal $300,000 in funds from his employer.
If only our online vulnerabilities were so funny. Consumers lost nearly $6 billion to fraud in 2021, a 70% jump over the previous year, according to the Federal Trade Commission. More than a third of the losses were connected to imposter scams, the FTC said.
Our expanding digital footprints are found across an endless web of online vaults, bank accounts and file storage sites. Everything — retirement savings, payroll information and other valuable assets and resources — have been reduced to binary code. And having it all laid out so neatly can be a tantalizing temptation for hackers who can drain your funds faster than you can figure out who stole your stapler.
Here’s what you need to know to protect yourself.
Scheming in Seattle
Police in Seattle allege a software engineer for online retailer Zulily used malicious code to route more than $300,000 to his personal bank account.
Investigators found a file on the worker’s laptop titled “OfficeSpace Project” that held details of his alleged plan to move shipping fees into his own bank account — mimicking the movie’s storyline of engineers who plotted revenge for their company’s downsizing plans by embezzling fractions of cents into a personal bank account. He’s also accused of having used his access to adjust prices to buy items at significantly discounted prices.
In an interview with police, the engineer claimed the orders came to his house by mistake after a test he’d run. He claims he’d just forgotten to tell his employer or return the items. And then once he was fired, according to the police report, he says he just thought, “F— ’em.”
We can chuckle at the Seattle suspect’s inspiration, but online theft has become a decidedly unfunny threat to the online property of millions of Americans and businesses.
The peril is especially acute for consumers. Consider the growing popularity of online banks, many of which offer jaw-dropping interest rates for savings accounts — a clear advantage over bricks-and-mortar banks until you remember that those funds are only a username, password and some authentication away from a hacker’s worst intentions.
If you’re hacked and drained, heading to the local branch for resolution may not be an option.
It didn’t help things when LastPass — a favored password manager lauded for its secure storage of usernames and passwords — was hacked, exposing consumer data.
There are some obvious things you can do to stay safe online. Strong passwords mix numbers, cases and special characters to foil brute-force attacks. And scrutinizing that too-good-to-be-true email offer can reveal spelling errors, grammar mistakes and other tells that can unmask a bumbling phishing attempt.
But some other less obvious means of protection are often overlooked:
Multi-factor authentication: Most of the time, usernames and passwords just aren’t enough. Large companies and banks already aggressively push multifactor authentication — which requires a user to present two or more pieces of evidence to verify identity — to add valuable layers of protection. When given the option, consider using it.
Avoid public wireless networks: Tempted to use that airport layover to pay some bills or move money between accounts? Save it for home. Publicly accessible Wi-Fi networks may be life-savers at the coffee shop or airport terminal, but they’re notoriously leaky and vulnerable to sniffing and so-called “man in the middle” attacks that intercept messages between people who assume they’re communicating directly with each other.
Audit your digital footprint: It’s time to take stock of your online presence. How many accounts do you have? How many have you used lately? Consider deleting old and unused accounts and services that require a password. You can also use privacy extensions with your web browser, and avoid using common single sign-on methods that use your Google or Facebook credentials to access sites and accounts. If those high-value systems are hacked, you’re vulnerable.
What to read next
This article provides information only and should not be construed as advice. It is provided without warranty of any kind.