Frank Abagnale was the guest speaker at the OSU Tulsa Business Forums this month, speaking on identity theft and cybersecurity. Most people know him from the Hollywood movie Catch Me If You Can, starring Leonardo DiCaprio and Tom Hanks. He was a forger and fraud artist between the ages of 16 and 21. He served time in prison but was released early when the FBI offered him a deal to work with them for four years. He’s now been at the FBI for 40 years, or as he put it, 36 years past his required time to work with the agency. He knows a thing or two about cybersecurity.
While his antics as a youngster and his regrets were fascinating to listen to, it was his knowledge of cybercrime and identity theft that really stuck with you.
How Social Media Phishing Could Impact Your Business
Frank told a story of a real-life example he had come across involving the CEO and CFO of a company. It was an email from the CEO to the CFO. The CEO wrote to his CFO that it was great having dinner with him and his wife, Helen, the night before. He commented on how beautiful their patio renovation project had turned out. He also casually reminded him that he was about to board a plane for Nashville for an upcoming conference. He wrote that he had forgotten he had told XYZ Charity he would give them $50,000, and that the charity needed it by noon. He then asked if the CFO would simply wire it to the account listed below. The CFO, who had indeed invited the CEO and his wife over the night before for dinner on their new patio, and who knew that the CEO was on his way to Nashville for the conference, went ahead and wired the $50K to the account given to him. The only problem? It wasn’t really his CEO asking, and the “charity” was some offshore account. The company’s $50K was gone.
How did the hacker know all of this detailed, personal information? It was actually a lot easier than you may suspect. They went to the social media profile of the CEO’s wife. She didn’t realize her posts weren’t private; she had posted about having dinner at the CFO’s house and commented on how great their patio renovation had turned out. The CEO had posted on his Twitter account that he was looking forward to an upcoming conference in Nashville, and the hacker simply had to look up when the conference took place. It took a minimal amount of research on the hacker’s part to draft a very believable email. This tactic is called social media phishing. It’s a form of spear phishing, which I’ve written about before.
Scared yet? The audience I was sitting in was definitely alarmed after Abagnale told us this story. However, don’t despair yet because there are things you can do to help keep your company and employees more secure.
How to Close the Cyber Soft Spots
The first thing a company should do is to invest in cybersecurity solutions. We use some of the most sophisticated software possible when we implement cybersecurity for our clients. The software we implement is continually evolving through machine learning and other techniques to help combat sophisticated hacking techniques. We’ve written in detail about both technology solutions and email security on our blog, where you can read more.
The second thing that needs to happen is user education. These social spear phishing attacks bank on your employees being unaware of the damage that can follow from posting personal information on social media. They also count on the recipient overlooking the fake address the email is actually coming from, because the details in the message are accurate. Abagnale put it this way: “Every breach occurs because somebody in that company did something they weren’t supposed to do or somebody didn’t do something they were supposed to do,” he said. “All hackers do is wait for doors to open and thousands of doors open every day.”
Employee education about cybersecurity needs to become more of a priority for companies that truly wish to combat this increasing threat.
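The sender-address check that employees are asked to make by eye can also be automated. The following is an added example, not code from this post or from Abagnale's talk: it flags a message whose display name matches an executive while the address sits outside the company domain, and holds it for a phone callback when it also asks for a payment. The domain, the executive name, the keyword lists and the sample messages are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"   # assumption: your organization's mail domain
EXECUTIVES = {"pat morgan"}      # assumption: display names of payment approvers
PAYMENT = re.compile(r"\b(wire|transfer|account|payment)\b", re.I)
URGENCY = re.compile(r"\b(by noon|today|urgent|asap|immediately|about to board)\b", re.I)

def domain_of(header_value):
    """Return (display name, lowercased domain) from an address header."""
    name, addr = parseaddr(header_value or "")
    return name.strip().lower(), addr.rpartition("@")[2].lower()

def review(raw):
    """Return the list of warning flags raised by one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, domain = domain_of(msg["From"])
    _, reply_domain = domain_of(msg["Reply-To"])
    body = " ".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/plain")
    flags = []
    if name in EXECUTIVES and domain != COMPANY_DOMAIN:
        flags.append("executive-name-external-address")
    if reply_domain and reply_domain != domain:
        flags.append("reply-to-mismatch")
    if PAYMENT.search(body):
        flags.append("payment-request")
    if URGENCY.search(body):
        flags.append("urgency")
    return flags

def hold_for_callback(flags):
    """Hold when a payment request arrives together with a sender anomaly."""
    anomaly = {"executive-name-external-address", "reply-to-mismatch"} & set(flags)
    return "payment-request" in flags and bool(anomaly)

# Constructed sample messages (not real mail).
SPOOFED = ("From: Pat Morgan <pat.morgan@mail-example.test>\n"
           "To: cfo@example.com\nSubject: Quick favor\n\n"
           "Great dinner last night. I am about to board. Please wire $50,000 "
           "to the account below by noon.\n")
GENUINE = ("From: Pat Morgan <pat.morgan@example.com>\n"
           "To: cfo@example.com\nSubject: Thanks\n\n"
           "Great dinner last night. See you after the conference.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, review(raw), hold_for_callback(review(raw)))
```

A check like this only compares what the headers claim. A message that forges the company's own domain in the From header has to be caught by SPF, DKIM and DMARC enforcement at the mail gateway.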
If you’re interested in learning more about technology solutions that can help your company combat cybersecurity issues, contact us. We’d be happy to go over how we can help with both technology solutions and employee awareness.