Magazine article Talent Development

Avoiding the Anglers: Be a Hero Not a Victim of Phishing Attacks

Magazine article Talent Development

Avoiding the Anglers: Be a Hero Not a Victim of Phishing Attacks

Article excerpt

This story was told by Todd OBoyle, chief technology officer and co-founder of Strongarm

CLIENT

A not-for-profit healthcare company based in the New England region of the United States

OPPORTUNITY

Cyber attacks that use phishing techniques are on the rise, and they often target HR departments because they're the keepers of valuable personal information. However these attacks are preventable: A 2015 survey from Verizon estimates that 90 percent of all data breaches are attributable to human error or misuse--not IT vulnerabilities.

DIAGNOSIS

In a common phishing scheme, the attacker researches the names and email address es of a company's executives. Then, posing as the CEO, he sends an email to HR saying that he needs all employee W-2 information immediately--usually requesting for it to be sent by email as a.zip file.

Many times, the HR team simply fulfills the request without a second thought be cause it appears to be urgent and from a position of authority. Once that happens, the HR director has unknowingly sent sensitive personal information to a hacker, who can pose as an employee to file an illegitimate tax return and then turn around and sell the employee data on the black market.

In one such case, at one of our clients, the HR director was not fooled and became her firm's hero. The email came from the CEO's address. There were no spelling errors, typos, or odd formatting. It did have a sense of urgency, which is one of the warning signs of a phishing email. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.