No, Your CEO Isn’t Sending You Urgent Texts
It’s common to want a positive relationship with your employer, and cybercriminals are keenly aware of this vulnerability. Be wary; not every urgent message is legitimate.
Imagine an employee’s routine day disrupted by a sudden text message supposedly from their CEO, claiming to be in urgent need and requesting help.
If this scenario sounds familiar, it’s because it’s becoming increasingly common. Many CEOs continually remind their staff that they are not behind these desperate communications.
Your CEO hasn’t misplaced their phone or suddenly lost access to essential contacts and business data. They aren’t stranded needing gift cards for gas. These narratives are typical of phishing schemes employed by cybercriminals using various communication methods to deceive people into divulging sensitive information.
Phishing attacks, particularly those impersonating high-level executives in distress, are a frequent and effective cybercrime tactic.
Kris Lovejoy, the global security and resilience practice leader at Kyndryl, expressed surprise that people still fall for these scams, emphasizing the simplicity yet effectiveness of exploiting human trust.
Phishing’s effectiveness is evident in its continued prevalence, highlighted by recent attacks on major companies like Twilio, Cisco, and Uber. Research from SlashNext reveals a 50% increase in mobile phishing attacks last year alone.
According to Verizon’s 2022 Data Breach Investigations Report, over 80% of data breaches involve human error, with phishing as a primary method of infiltration. A Forrester report noted that nearly one-third of data breaches originate from phishing attacks.
Cybercriminals often start these scams via email, but text messages are equally targeted due to their personal nature, which can lead victims to let their guard down.
Mika Aalto, co-founder and CEO of cybersecurity training firm Hoxhunt, mentioned how spoofing a CEO can be particularly lucrative as employees naturally want to respond promptly and helpfully to their superiors, often overlooking suspicious signs.
Hoxhunt itself has defended against numerous phishing attempts, with criminals impersonating Aalto through emails and texts.
From the cybersecurity perspective, these deceptive practices are common. Robert M. Lee, co-founder and CEO of Dragos, shared a screenshot showing a phishing attempt targeting an employee via text, an encounter where the employee cleverly attempted to outsmart the scammer.
Patrick Harr, CEO of SlashNext, noted the increasing frequency of these attacks, especially to new employees who might not recognize their CEO’s phone number, making the deception easier for criminals.
One sophisticated instance observed by SlashNext involved a WhatsApp message where the scammer, pretending to be a traveling CEO, manipulated the conversation to extract company data during a supposedly troubled video call.
For Lovejoy, the persistence of these phishing attempts underscores the importance for organizations to understand the psychological triggers within their workforce to effectively counteract such threats.
She advises that understanding the attacker’s mindset and securing critical information are key to not just defending against, but also recovering from, these potentially devastating attacks.
For all your IT support needs, talk to the best IT Support company in Halesowen
Recent Posts
