The picture above is a bag with $25,000 in “redeemed” Apple Store gift cards sent to hackers overseas by a small business in New England.
The business owner’s email account was compromised (Business Email Compromise), and the office administrator was instructed to buy the gift cards on a corporate credit card, scratch off the code on each card, and urgently email photos of the codes to the business owner. The hacker insisted on urgency, claiming the cards were needed as awards for an out-of-town sales meeting. The email conveyed a heightened sense of urgency and an “ask no questions, do what I ask” tone. How would you respond to your boss if you got the memo “I need this done now, drop everything”?
Employees who feel under duress or stressed by a senior manager’s urgent request are exactly the victims hackers prey on. Because the employee had no security awareness training, they did not know the email account had been compromised by hackers. The company now uses CyberHoot for awareness training, which has massively improved its security posture and built a culture of improved awareness at this customer.
And if you think this can only happen to small businesses, think again.
Software Company Falls for Email Scams Targeting W-2 Information
“…March 31, 2016, (Pivotal) Chief People officer Joe Militello noted that the breach was initiated by a phishing email disguised to have come from CEO Rob Mee requesting information on Pivotal’s workforce. The employee inadvertently mistook the request as a legitimate message from the executive, leading to the delivery of W-2 information to an unauthorized recipient on March 22nd. The sent information included names, addresses, 2015 income details, Social Security numbers, and Individual Taxpayer Identification numbers.” (Link to Article)