Beware of the Big Bad Hacker – a cautionary tale from Computer Troubleshooters
The fast-approaching festive period also heralds the start of the pantomime season, and Little Red Riding Hood is among the popular fairy stories to have been given the ‘panto’ treatment.
Computer Troubleshooters are aware of some serious recent instances of email hacking that are every bit as sinister as the plot of this Brothers Grimm fairy tale. Take heed of this cautionary tale so that you can spot the signs before you fall prey to the pantomime villain – or, in this case, a cyber criminal.
So, if you are sitting comfortably, I’ll begin.
Once upon a time (except, sadly, this has happened more than once), a finance officer received an email from her CEO asking whether she could arrange a prompt payment.
Our finance officer is aware of the dangers in the forest, so she inspects the email carefully, but is reassured that all is well:
- The sending email address matches the CEO’s name (Grandma, what big eyes you have)
- The CEO’s normal email signature is present (Grandma, what big ears you have)
- There are some spelling errors, but this is excused as the email was written in haste (Grandma, what big teeth you have…)
Our finance officer is cautious, and decides to email the CEO back to check that all is well.
BUT – just like Grandma in Little Red Riding Hood – all is not what it seems.
You see, the hacker – the Big, Bad Wolf – is inside Grandma’s house! He has hacked the email password of the CEO, he is making himself comfortable and he has disguised himself in Grandma’s clothing. As he is sending emails from within the CEO’s email account, he does not have to spoof the email address; it looks completely authentic because IT IS THE REAL CEO EMAIL ACCOUNT.
What’s more, the Big, Bad Wolf has put mailbox rules in place so that the CEO does not see replies and so is totally unaware of the havoc being wreaked in his name.
The email to our finance officer includes details of a bank account and instructs her to pay £65,000 into it! Luckily on this occasion she senses that all is not as it seems, and she decides to venture into the forest to confront the CEO face to face.
Thus, the dastardly plot is unveiled, and it’s time for Computer Troubleshooters – the huntsman – to come to the rescue, changing passwords, cleaning up the damage and advising on measures to be taken.
What is the moral of this story?
Hackers are prowling the forest, always on the lookout for vulnerable systems:
- Passwords need to be strong and not easy to guess
- Passwords need to be unique – if they crack this one, at least they can’t access other systems
- Consider other layers of security
- Train your team to be able to identify the breadcrumbs signposting the villain.
Encourage your staff to speak to each other if they suspect something is not quite right – better safe than sorry.
If you are a victim of a big bad hacker, there is a strong possibility that they have had access to customer personal data. Do the right thing and let the Information Commissioner’s Office know.
Please don’t have nightmares. We can all live happily ever after as long as we are wise like Little Red Riding Hood and don’t accept everything at face value.
… And remember that we’d rather be called in for a false alarm than take the risk of letting the hacker run riot – IF IN DOUBT, SHOUT!
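For the huntsman's clean-up, one check worth scripting is a review of mailbox rules for the reply-hiding trick the wolf used in the story. The sketch below is an added example, not Computer Troubleshooters' own tooling: the field names follow Exchange Online's Get-InboxRule output, while the record layout, the internal domain, the folder and keyword lists and every sample rule are constructed assumptions.

```python
import re

INTERNAL_DOMAIN = "example.com"   # assumption: the organisation's mail domain
HIDING_FOLDERS = {"deleted items", "junk email", "rss feeds",
                  "conversation history", "archive"}
MONEY_WORDS = {"payment", "invoice", "bank", "transfer"}

# Constructed sample: rules exported from two mailboxes.
SAMPLE_RULES = [
    {"Mailbox": "ceo@example.com", "Name": ".",
     "From": ["finance@example.com"], "MoveToFolder": "RSS Feeds",
     "MarkAsRead": True},
    {"Mailbox": "ceo@example.com", "Name": "..",
     "SubjectContainsWords": ["payment", "invoice"], "DeleteMessage": True},
    {"Mailbox": "ceo@example.com", "Name": "copy",
     "ForwardTo": ["collector@example.net"]},
    {"Mailbox": "pa@example.com", "Name": "Newsletters",
     "From": ["news@supplier.example"], "MoveToFolder": "Reading"},
]

def audit_rule(rule):
    """Return the reasons (possibly none) why one inbox rule deserves review."""
    reasons = []
    if rule.get("DeleteMessage"):
        reasons.append("deletes matching mail")
    folder = (rule.get("MoveToFolder") or "").lower()
    if folder in HIDING_FOLDERS:
        reasons.append(f"moves mail to rarely viewed folder '{folder}'")
    targets = [a for key in ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")
               for a in rule.get(key, [])]
    external = [a for a in targets
                if not a.lower().endswith("@" + INTERNAL_DOMAIN)]
    if external:
        reasons.append("sends copies outside the organisation: "
                       + ", ".join(external))
    words = {w.lower() for key in ("SubjectContainsWords", "BodyContainsWords")
             for w in rule.get(key, [])}
    # The next two signals only add weight to a rule that already hides mail.
    if reasons and words & MONEY_WORDS:
        reasons.append("targets payment-related mail")
    if reasons and not re.search(r"[A-Za-z0-9]", rule.get("Name", "")):
        reasons.append("rule name is punctuation only")
    return reasons

def audit(rules):
    """Map (mailbox, rule name) -> reasons for every rule that is flagged."""
    return {(r["Mailbox"], r["Name"]): why
            for r in rules if (why := audit_rule(r))}

if __name__ == "__main__":
    for (mailbox, name), why in audit(SAMPLE_RULES).items():
        print(f"{mailbox} rule {name!r}: " + "; ".join(why))
```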