A Real Cyber Crime Story

Employees can be our greatest assets, but also a huge point of vulnerability in a company’s cybersecurity.

In this horror story, a simple email from a bad actor resulted in more than $5 million in legal fees, accounting fees and credit monitoring fees. 

It’s not a question of “if” — your business will be socially engineered off social media data. You need stronger defenses, starting with your end-users. Let Agio help.

Transcription:

So back in January, a woman started, I think she started as a controller or assistant controller, something like that. New employee – she told all of her friends on LinkedIn that she got a new job, like we all do, right? Everyone hit congrats, all that good stuff. Two weeks later she gets an email from the “CEO,” and I put it in quotes because it was fake. It was a bad fake too. It was like Jane, CEO, and then the actual email address was XYZ@verizon.net.

It was a terrible fake, right? She didn’t notice it. All she saw was the name of the CEO. She was new; the bad actor knew that because she had just updated. She hadn’t worked with the CEO before.

The email says I’m running a report; I need all of our W-2’s. She runs home and logs on, grabs all of the 338 W-2’s, puts them together, sends them to the bad actor, and apologizes for taking so long. The bad actor so kindly says, “It’s okay. Thanks a lot. Enjoy the rest of your weekend.” The new employee thought, “Wow, I just did a great job. I helped the CEO and she said thanks a lot.” Right? She was really excited.

Now what does it cost the company? So we’re at $5 million and counting that they’ve spent – mainly on legal fees, accounting fees, credit monitoring fees, all of this.

You WILL be socially engineered off data on LinkedIn; and not like once a year, but once a day.
