Compliance Need to Know: “It Doesn’t Happen….Until It Happens,” Cyber Security, Part I
“Morning, Rebecca,” Tom said as he walked into his business.
“Mornin’, Tom. How was Houston?” she asked with a classic smile.
“Great clients! Horrible traffic.”
“I hear you there, sir! That’s why I call Dallas home.”
“Is Susan in? I need some advice. Holler at me when she comes in.” Tom said. “Now, I really need to get to that backlog of emails.”
Tom was in Houston for most of the week and was in non-stop meetings with an oil and gas firm, a real estate investment trust and a dozen clients. It had already been a long week, and it was going to be a heavy-on-the-coffee day. Hopefully, his assistant, Daniel, will help him out with all of the notes and updates that to go into the CRM. Sure enough, he was in.
“Hey, Danny, if you got a minute, I could use some help.”
“Hey, Tom. I have a couple of updates and a config with the CRM. Can you give me an hour or two?”
“No problem.” Just then Susan walked in the door. “Hey, Susan. Good morning!”
“Hey, Tom. How was Houston?” The classic rhetorical question. “How did the meeting with McClatchy and McCarty go? They’re getting really good numbers for an oil and gas firm nowadays.”
“It went great. I’m sold, and I have the due diligence file that I can send you here in a minute.” Tom said, convinced he was sold on the idea, but he wanted her feedback. Susan has been in the oil and gas business, and if her schedule wasn’t so filled up, she would have been down there in Houston with him.
“You have a couple of minutes?”
“Sorry, I’m booked ‘til lunch. Send me your due diligence, and we can meet this afternoon.”
“That sounds great.” Standing just outside Danny’s office, Tom took the opportunity. “Danny, does one o’clock work for you? Susan two?”
“Yes” was the simultaneous answer.
“Good!” Tom replied with a smirk on his face, “I’m going to go tackle my inbox.”
Sitting at his desk and firing up the laptop, Tom couldn’t help regret not going through his email last night. He has an eleven o’clock meeting that he needs to get ready for and hundreds of emails to go through. Tom told himself, “It’s nine-thirty now, emails ‘til ten, refresh on Mr. and Ms. Baker at ten, and meeting at eleven. I wonder if they would like to go into oil and gas?”
The laundry list of email filled the screen. Right off the bat, Tom noticed he received two emails from the Dalton family office, one of his largest clients, this morning. Tom thought “I was just at their ranch two days ago.”
The newest email was a request to look at the first email. Tom found this weird that the first email was sent at three in the morning. When he opened that email, there was a hyperlink. Tom was hesitant but thought that their family office manager, Michael, was on top of it and clicked the hyperlink anyways. Tom didn’t realize that Dalton was spelled with a capital “i” making the name look like an “L.” The hyperlink directed him to a bad website. Tom thought he should give Mike a call to relay this, but he was too busy. It will have to wait until after the meetings today. Luckily, the website gave another hyperlink to get back to his homepage. The only problem is that it took unusually long, as in several seconds, to get back to his homepage.
Phishing is an attempt to deceive the recipient that the sender is a common contact. The emails that the victim would receive will usually be hard to detect. There is an enhanced version of this that is called “Spearfishing.” Spearfishing is when the perpetrator has researched the victim, through websites, social media accounts, third-party sites, and anywhere your information may be on display. They use this information to gain the trust of the victim.
Join us next week as we follow the spreading of the malicious software Tom unknowingly loaded onto his network.
For more information about our services, contact us by calling us at 1-833-RIACCIO, emailing us at info@riacc.io, or by clicking here to schedule a free consultation.