Phishing Is A Multi-Million Dollar Business; How Not To Be Their Next Customer

Fire Doesn’t Innovate: The Executive’s Practical Guide to Thriving in the Face of Evolving Cyber Risks

We’ve all heard of email cyberattacks like the Nigerian prince scam. Most commonly, these scams come in the form of phishing attacks that prey on the victim’s emotions rather than relying on a specific technological manipulation. Many people think a phishing email will be easy to detect, but these emails are becoming more sophisticated than ever before.

In October 2018, the SEC released a report on business email compromise (BEC), stating these scams weren’t technologically sophisticated but preyed on “weaknesses in policies and procedures and human vulnerabilities.” The report documented more than $100 million in losses by nine publicly traded companies across numerous industries.

One company was hit fourteen times for a total loss of $45 million.

Company executives are often targeted in phishing attacks because they have more digital assets for cybercriminals to steal. Executives won’t get the mass emails hackers send to a million people. Instead, attackers will conduct reconnaissance using social media to learn about their work and personal life, then launch the attack.

Here’s an example: say your twenty-year college reunion is coming up. A cybercriminal learns this fact from your LinkedIn profile and crafts a malicious email. It says they work with the reunion committee and would love you to give the keynote speech. The email directs you to download a pre-drafted announcement that you’re giving the keynote.

“Why don’t you take a look and let me know what you think,” the email might say. Feeling flattered by the invitation, you click the link to see the details, but you’ve also been silently infected with a virus that will log all of your keystrokes and take images of your screen every minute. This data will ultimately be sent back to your attackers.

Or you might receive an email that looks like it’s from your alma mater, asking you to update your alumni username and password. It’ll even have the logo and seal of your university to make it look official. If you have a habit of reusing the same ID and password, the attackers will soon have their way with your other accounts.

When You Get an Unexpected Email, Pause to Consider It

If all levels of phishing attacks are becoming harder and harder to detect, then how can you as a busy executive protect yourself? My first suggestion is to test your readiness for a cyberattack. To do that, check out the quiz at: opendns.com/phishing-quiz.

Your next step is to go through a specific set of actions whenever you receive unexpected email attachments or links. The first thing to do is back away from the keyboard, take a deep breath, and ask yourself, “Does this relate to a matter I’m already involved in?” This helps you assess the message for authenticity.

If the answer is no, you should be extremely cautious about whether the email is real.

If the email appears to come from someone you know, but it isn’t about something you are actively working on, either call that person or create a new email to ask, “Hey, I just got this from you. Tell me about it. Is this something new? Did you send it?”

Again, it’s very important that you don’t just click Reply to ask the sender “Is this legitimate?” because if it is a phisher, they’ll reply, “Of course it is!” They are counting on you trying to resolve this matter so quickly that you just hit the Reply button instead of creating a new email. Don’t make it that easy on them – stop and think!

I firmly believe that many accounts payable clerks fall for attacks asking them to move money to offshore bank accounts because they are so in the flow of getting their work done that they don’t pause to ask, “Is this for real?”

The same thing happens with executives. You must be willing to interrupt your cycle of wanting to be highly productive. If you don’t interrupt that cycle, the momentum of your day will one day cause you to open a dangerous email and follow the phisher’s instructions.

For more advice on protecting yourself against phishing attacks, you can find Fire Doesn’t Innovate on Amazon.

This article is adapted from Fire Doesn’t Innovate by Kip Boyle.

Kip Boyle
Kip Boyle is founder and CEO of Cyber Risk Opportunities, whose mission is to enable executives to become more proficient cyber risk managers. His customers have included the U.S. Federal Reserve Bank, Boeing, Visa, Intuit, Mitsubishi, DuPont, and many others. A cybersecurity expert since 1992, he was previously the director of wide area network security for the Air Force’s F-22 Raptor program and a senior consultant for Stanford Research Institute (SRI). Kip is a regular contributor to the CEOWORLD magazine.