A Real Cyber Crime Story

So back in January, a woman started, I think she started as a controller or assistant controller, something like that. New employee – she told all of her friends on LinkedIn that she got a new job, like we all do, right? Everyone hit congrats, all that good stuff. Two weeks later she gets an email, from the “CEO” and I put it in quotes because it was fake. It was a bad fake too. It was like Jane, CEO, and then the actual email address was XYZ@verizon.net.

It was a terrible fake, right? She didn’t notice it. All she saw was the name of the CEO. She was new; the bad actor knew that because she had just updated. She hadn’t worked with the CEO before.

The email says I’m running a report; I need all of our W-2’s. She runs home and logs on, grabs all of the 338 W-2’s, puts them together, sends them to the bad actor, and apologizes for taking so long. The bad actor so kindly says, “It’s okay. Thanks a lot. Enjoy the rest of your weekend.” The new employee thought, “Wow, I just did a great job. I helped the CEO and she said thanks a lot.” Right? She was really excited.

Now what does it cost the company? So we’re at $5 million and counting that they’ve spent – mainly on legal fees, accounting fees, credit monitoring fees, all of this.

You WILL be socially engineered off data on LinkedIn; and not like once a year, but once a day.