Don’t tell him Pike!

Such is the sophistication of the bad actors on the web that it is easy to get caught out and let people steal your credentials. Have you seen those games on Facebook, where for example you are asked to give the name of your first pet and the road you live on? These details are the pseudonym you would use if you were to star in a porn film, say Ginger Johnson. It’s all a bit of fun! Or is it? Many people use such details in their passwords to make them easier to remember, and the more things you give away in such silly games, the more these tricksters can find out about you.

Another way to catch the unwitting is to get them to click on a link, whether in a social media post or an email.

A very recent high-profile attack of this kind at the high-society London jeweller Graff led to the gathering of personal details and transactions for many well-known celebrities such as Oprah Winfrey and politicians such as Donald Trump. Details were first published in The Mail [1] last weekend, and a Russian gang named Conti is demanding a multi-million-pound ransom. Despite already having released a huge amount of data on the dark web, Conti claims this is only 1% of the information they have. They claim to have client lists, invoices, receipts and credit notes, and some of this information could be incriminating for Graff clients as it could relate to presents for lovers, or bribes. Normally Conti demands 10% of their victim’s annual turnover, which in Graff’s case would be £45 million. The Information Commissioner (ICO) can fine the organisation up to 4% of turnover, so another £18 million.

Graff claim to have shut down their systems very quickly to minimise the breach and have informed all affected clients. The ICO are investigating what happened.

It is well known that since the beginning of the pandemic bad actors on the web have been targeting people working on insecure home networks, as well as those working in a hybrid environment. However, the new ways of working are affecting new employees, who in the past relied on being in the same place as their co-workers and learning the company values, culture and mores from them. Generation Z workers, in particular, have been badly affected by only knowing their colleagues as heads and shoulders on their screens. Sensitive training is the way to make staff wary of opening emails and clicking on links, and it is the fault of management rather than the employee if innocent staff accidentally let in an attacker.

We can provide the training needed to recognise the signs of malicious emails and other social engineering. We are friendly and approachable.

Diana Catton MBA

References

[1] Massive cyber heist rocks high society jeweller Graff | Daily Mail Online

Dad’s Army image BBC sourced from Google search