This afternoon they tried to Spear me.
A phone call from an Australian number. A polite and articulate young man named Jared on the line, from Market Solutions.
I had – supposedly – participated in an online survey earlier this year, and did I want to receive “a one-off email with some investment opportunities” that I’d said I’d be interested in?
This is not the old Nigerian Prince scam, or the Ukrainian girlfriend, the Google lottery draw or a long-lost, deceased, possible relative with 12 Million US in the bank that can be ours, or partly ours.
It’s far more sophisticated.
This is a very polite and professional sounding Aussie with Investment Opportunities that I might actually be interested in, even if I can’t remember the exact survey I supposedly filled in. The sounds of a busy office in the background.
The point of the phone call is to make you expect the email, and to open the attachment because you know it’s coming.
And they know about you. They can tune their “sales pitch” to your interests and business profile – after all, they’ve got access to LinkedIn and Facebook and Twitter, your Company Website, and all the other places you feature.
If you have a receptionist, colleague or staff member they can call, they may ask how best to contact you, get your email address, and ask that person to let you know an email is coming your way.
Once the firewall is circumvented, you effectively do their work for them, by opening an innocuous-looking PDF or Word attachment and downloading Ransomware or other Malware onto your own system – and through the Cloud or your company network this can spread to every device, locking down or looking into all your valuable systems and data.
Then comes the demand for payment to unlock it, which will increase in cost the longer you delay.
If you need the data, can’t recover it and don’t have Insurance cover, what else can you do?
Except, like burglary, if you’ve been hit once, you’re far more likely to be attacked again – because the Cyber Criminals will sell your details – as good payers – to others of their ilk. Like a malicious referral programme.
If it’s not ransomware they are distributing, then they are working as the distributors of private information your company holds about clients, employees and your own accounts, invoices and suppliers.
Once they are in, they will work at full speed to get the information to the highest bidder before the breach is discovered.
The Insurance Industry is responding to these new threats by creating a Cyber Crime policy that typically gives access to a range of experts who can unlock data, remove malware, recover and rewrite records and pay for Privacy Act breaches and other costs associated with an attack.
Make sure that you discuss this with your broker; it might be the most valuable talk you can have all year.
Footnote:
I say “No – Thank You.” He rings off. I call the number back and get a disconnected message. This time, I swim clear. But they’re getting cleverer.