Plain English Cyber in 3 articles, 2 numbers and 1 action.
This week: Pig butchering, LinkedIn profile culls, and our fat fingers.
This week’s action: Are you prepared to bet your professional reputation on one decision?
If you’d prefer to listen to Cyber 3-2-1: This week’s episode is accessible from https://www.codeinmotion.ie/podcast or wherever you get your podcasts.
1: Pig Butchering: “We don’t talk to Uber drivers or farmers.”
What? Secure The Village mentioned a recent article in The Washington Post, describing how well-educated people in the West are targeted by cybercriminals. “[This particular] scam preys on basic decency—the impulse to help someone who sends a message by mistake [..] The con is known as “pig butchering”—a reference to the practice of first “fattening” the victim’s cryptocurrency account with fake gains before the scam ends”. The Post article goes on to describe how one victim lost everything – including her retirement fund, as well as money she had borrowed from family. In total, she lost over $1.5m and says that since the scam, she now feels “really helpless and hopeless”.
So what? According to The Global Anti-Scam Organisation, victims of this type of scam tend to be well-educated – e.g. “successful business owners; senior managers; people with Ph.D.s”. These are not stupid people, so the scams must be pretty sophisticated. And the advice is simple: “If someone asks you to deposit money somewhere, don’t do that,” [..] “Call your local police department.”
2: Either half of Apple employees lost their jobs on the same day. Or a lot of fake LinkedIn profiles just got shut down.
What? Krebs On Security recently reported on a dramatic fall in the number of LinkedIn accounts that listed their current employer as Apple Inc. In a 24-hour period in early October, the number dropped from over 500,000 to less than half this number. “A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon” occurred at around the same time.
So what? As Krebs states, “LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users. [..] Fake profiles may be tied to so-called “pig butchering” scams [which I mentioned earlier]. In addition, identity thieves have been known to masquerade on LinkedIn as job recruiters, collecting personal and financial information from people who fall for employment scams.” Just another reminder that we need to be careful about who we trust online.
3: Your fat fingers could be your downfall.
What? Bleeping Computer recently reported on a cyber scam that attempts to fool people into downloading applications infected with malware. The scam relies on “tricking people into visiting a fake website by registering a domain name similar to that used by genuine brands [..] Victims typically end up on these sites by mistyping the website name they want to visit in the browser’s URL bar, which is not uncommon when typing on mobile. However, users could also be led on these sites via phishing emails or SMS, direct messages, malicious social media and forum posts, and other ways. [This latest campaign] consists of over 90 websites created to impersonate over twenty-seven popular brands”, including the Google Play app store, PayPal, SnapChat and TikTok.
So what? I frequently type in the URL of a website that I want to visit into my browser. And I frequently mistype the URL. Luckily for me, it has only ever resulted in a ‘Page Not Found’ error. But with this scam, I could find myself on a malicious site that looks exactly like the genuine site that I wanted to access. And I could then be easily fooled into revealing my login credentials or downloading a malicious app from this scammer’s site. Instead of typing in the URL and relying on the accuracy of my fat fingers, it looks like I’d be better off using a search engine (but avoiding the ads at the top of the search page, as these could be ads paid for by the scammers). PS: My favourite search engine is Startpage – it’s just like Google, but without the mass surveillance.
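To make the “fat finger” mechanism concrete, here is an added example (not code from the article or from Bleeping Computer) that generates the one-keystroke slips and lookalike spellings a scammer would register for a brand domain, and checks whether a typed hostname is one of them. The brand list and the typed hostnames are constructed for illustration; the QWERTY neighbour map is an approximation of a phone keyboard, and the homoglyph table is a small illustrative set, both assumptions of this example rather than anything the article specifies.

```python
"""Typosquat check: is a typed hostname a fat-finger variant of a known brand domain?

Added example. The brand list, typed inputs, keyboard map and homoglyph table are
constructed for illustration and are not taken from the article or the campaign it reports.
"""

KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]  # assumed QWERTY layout


def _build_neighbours():
    """Map each letter to the keys physically next to it on a QWERTY layout:
    left/right neighbours plus the staggered keys in the rows above and below."""
    neighbours = {}
    for r, row in enumerate(KEYBOARD_ROWS):
        for i, c in enumerate(row):
            near = set()
            for j in (i - 1, i + 1):
                if 0 <= j < len(row):
                    near.add(row[j])
            if r > 0:  # the row above is shifted half a key to the left
                for j in (i, i + 1):
                    if j < len(KEYBOARD_ROWS[r - 1]):
                        near.add(KEYBOARD_ROWS[r - 1][j])
            if r < len(KEYBOARD_ROWS) - 1:  # the row below is shifted half a key to the right
                for j in (i - 1, i):
                    if 0 <= j < len(KEYBOARD_ROWS[r + 1]):
                        near.add(KEYBOARD_ROWS[r + 1][j])
            neighbours[c] = near
    return neighbours


NEIGHBOURS = _build_neighbours()

# Characters that look alike in an address bar (small illustrative set, an assumption).
HOMOGLYPHS = {"l": ["1", "i"], "o": ["0"], "i": ["l"], "m": ["rn"], "w": ["vv"]}


def typo_variants(domain):
    """Return {variant_hostname: typo_kind} for single slips and lookalikes of `domain`.

    Dots are never edited, so only the labels change. A variant that can be produced
    by more than one kind is labelled with the first kind that produced it, in the
    order: omission, transposition, adjacent_key, repetition, homoglyph."""
    variants = {}

    def add(candidate, kind):
        if candidate != domain:
            variants.setdefault(candidate, kind)

    for i, c in enumerate(domain):
        if c == ".":
            continue
        add(domain[:i] + domain[i + 1:], "omission")                      # dropped key
        if i + 1 < len(domain) and domain[i + 1] != ".":
            add(domain[:i] + domain[i + 1] + c + domain[i + 2:], "transposition")  # swapped pair
        for n in sorted(NEIGHBOURS.get(c, ())):
            add(domain[:i] + n + domain[i + 1:], "adjacent_key")          # hit the key next door
        add(domain[:i] + c + domain[i:], "repetition")                    # key pressed twice
        for h in HOMOGLYPHS.get(c, ()):
            add(domain[:i] + h + domain[i + 1:], "homoglyph")             # looks the same, is not
    return variants


def classify(typed, brands):
    """Return (brand, kind) if `typed` is a brand domain or a typo variant of one, else None."""
    typed = typed.strip().lower().rstrip(".")
    for brand in brands:
        if typed == brand:
            return brand, "exact"
        kind = typo_variants(brand).get(typed)
        if kind:
            return brand, kind
    return None


# Constructed brand list, chosen to match the brands the article names.
BRANDS = ["play.google.com", "paypal.com", "snapchat.com", "tiktok.com"]

if __name__ == "__main__":
    # Constructed hostnames a user might type on a phone.
    for typed in ["paypa.com", "payapl.com", "paypsl.com", "paypall.com",
                  "paypa1.com", "snapchat.corn", "tiktok.com", "example.com"]:
        print(f"{typed:16} -> {classify(typed, BRANDS)}")
```

Run as a script it prints which brand each typed hostname is a near-miss of and what kind of slip produced it; `example.com` comes back as `None` because it is not within one slip of any listed brand. The same `typo_variants` output is what a defender would feed to a domain-registration or DNS lookup to find lookalikes that have already been registered, which is the check the article’s campaign relies on nobody doing.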
What? In a 2021 survey conducted by the American Bar Association (and recently reported by ISACA SmartBrief), 25% of the law firms responding to the survey reported that their law firm had been breached at some point in the past.
What? According to the same survey, only 20% of solo practitioners in the legal profession reported that they had someone else managing cybersecurity on their behalf.
So what? If you are a solo legal professional, there appears to be an 80% chance that you are managing your cybersecurity alongside your ‘real’ job. Legal professionals tend to have very little spare time, so I doubt you have much time to think about multi-factor authentication, offline backups, and software updates. And given the fact that there appears to be a 75% chance that you have not yet been breached, it is likely that this situation has not caused you any problems so far.
1: What got you here may not get you there
What? Just like every solo operator in professional services like law, accounting, sales, marketing etc., you are probably too busy serving your clients to be distracted by tasks like cybersecurity. You may also feel like you can’t afford to invest in cybersecurity. Based on the ABA survey results, where 75% of law firms reported that they had never been breached, it also appears that this lack of attention and investment has not caused you a problem to date.
So what? I am obviously going to recommend that you ensure you have a secure foundation so that you’re not living in a house without locks on the doors. But how you choose to deal with cybersecurity is your decision. You can choose to check that you have locks, or you can choose to assume a burglar will never check this for you. Either way, it’s your choice and your decision. But are you prepared to bet your professional reputation on this one decision? If this causes you concern, and you don’t know some simple things you can do to alleviate this concern, I may be able to help – Let’s talk: https://codeinmotion.ie/book-30minutes