A better security strategy than ‘know your enemy’: Know your co-workers

Credit to Author: Evan Schuman | Date: Tue, 28 Feb 2017 08:51:00 -0800

Cyberthieves today know that it’s better to be sneaky and crafty than forceful. To be even more blunt, they know that it’s better to trick you into doing their work than to break in and do it themselves.

That trickery starts with ever-more-subtle ways to get you to click on an email attachment. A recent attack used an employee accomplice who was to flag any meetings with multiple people and note who was presenting. Within 30 minutes of one meeting’s end, the crooks sent an email attachment to everyone on the original email thread, with fake headers so that it appeared to be from the presenter. The email said, “Sorry, everyone. Here is the updated version of the slides from our 2 PM meeting.” Even an especially security-conscious person could get pulled into clicking on that one.

But a lot of attacks go beyond email scams to include efforts to get employees to do high-risk activities — such as wiring corporate funds — instead of merely opening an attachment.

I recently spoke with Mark Fidel, who is co-founder and head of corporate development of New Mexico-based security firm RiskSense and someone who is a strict believer in rigid separation of security and financial duties as a breach-avoidance tactic. He pointed to a recent incident at his firm, where an attacker who had done his homework tried to trick the company’s CFO into making an unauthorized transfer of $20,000 to a bank account in Georgia. It would have worked, too, Fidel said, had not the politeness of the email raised his suspicions.

The email, supposedly from the CEO, ended, “Kindly email me back with a confirmation.” Said Fidel candidly: “Our CEO would never have said ‘kindly.’”

“Our CFO sent it to our office manager/bookkeeper. She can initiate, but I have to complete it,” Fidel said. “I read the email and said, ‘This has to be a scam, just knowing the CEO.’ If the CFO had authorization and capability, that is the bad guy’s success right there.”

Fidel was impressed, though, with how close the attacker came and how well planned the attack was. That CFO was a contracted officer and was not even listed on the company’s website. “The only place he’s listed is on LinkedIn. That’s where they probably pulled it. They correctly guessed the email format and they spoofed the right address. It was a pretty good effort.”

But Fidel’s defense was not based on his knowing his attacker’s tactics well. It was based on his knowing his colleagues well. He was sensitive to nuanced phrasing and other small details that flagged a potential imposter.

How often do you get an email or text from someone and have the sense that it doesn’t sound like him or her? If it’s an FYI update, fine. But what if it’s a request to forward a sensitive document or to take a specific action? Would you do it without checking? What if the message created a sense of urgency, perhaps saying, “I need this right away. The client meeting starts in five minutes. Stop everything and do it now!”

Welcome to the fraudster world. This gets even worse. Some people may not interact with senior management often enough to be able to detect a reasonably good fake. Indeed, the good thief will explicitly target people who won’t be able to detect a replica.

It may be true that one can have excessive security, but one can never have excessive paranoia and suspicions. Few bosses will get upset if you challenge their identities. Indeed, they should thank you.

Source: http://www.computerworld.com/article/3175058/security/a-better-security-strategy-than-know-your-enemy-know-your-co-workers.html