Snapchat Leaks Data In Phishing Scam
Even savvy employees at a tech company can fall prey to a targeted phishing campaign. In a blog post published yesterday, Snapchat apologized for divulging employee records to an unidentified attacker. On Friday, one of the company’s HR employees received an email that appeared to be from the company’s Chief Executive Officer, Evan Spiegel. The email requested payroll information, which the employee promptly delivered. The email was actually sent by a cybercriminal who spoofed the CEO’s email address. As a result, a number of the company’s employees have had their identities compromised.
Such CEO phishing scams are becoming increasingly common. They typically target employees in the HR or Payroll department. The emails are often sent on Friday afternoon, when everyone is tired and eager to finish their work for the week. Since the emails purport to be from the CEO, employees are quick to send the requested information without much additional consideration. One of the most damaging versions of the CEO phishing scam happened at Ubiquiti Networks. Last summer, a Ubiquiti employee was contacted by someone purporting to be the CEO and was tricked into sending a payment of over $45 million to the perpetrators.
Snapchat was quick to recognize and address the problem. The company confirmed that the phishing attack was an isolated incident and reported it to the FBI within a few hours. Furthermore, they determined which employees had been affected by the breach and promptly contacted them, offering identity-theft insurance and monitoring. As summed up in their post, “When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong.”