Today’s Hackers Target Executives with Simple Social Engineering
Today’s hackers are more innovative. Rather than just running up charges on your credit card, they are looking to extort money in exchange for return of your private information or to limit their use of it. For insurance executives, private information often includes emails related to customers and their policies. Data could include confidential information about assets, employees, vendor contracts and bank accounts.
These more innovative hackers hold the private information as ransom. They request a payment or disclose private client correspondence, irreparably lock certain personal photos and files on one’s computer, post private information online for all to see, or sell internet browsing behavior. After receipt of the “ransom” payment, the hacker usually follows through on the promise so as not to endanger the potential of future ransom payments.
Hackers identify profitable targets from online profiles, company websites, and public real estate records. Their research can include more intrusive tactics such as intercepting email correspondence, eavesdropping at public Internet locations, or accessing online accounts.
A main access point for hackers seems to be email. If they gather enough information about you from eavesdropping on your email correspondence, they will be able to, in many cases, gain access to your systems.
The more they learn about you, the more likely they will succeed in extorting a bigger and better “ransom”. In many instances, the FBI recommends paying the ransom because the alternative resolutions are more costly than the cost of the ransom. “The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people just to pay the ransom.”
How might you mitigate your risk?
- The best way to avoid a ransomware attack is to encrypt email communications that contain sensitive information. This minimizes opportunities to intercept emails and glean valuable information.
- Minimize clicking on links from incoming emails if you do not trust the source and recognize the context of the message. The source can easily be masked, so ensure you recognize both the source and the context.
- Your email account is the gateway to your information – account statements, password reset processes, and more. Ensure you use email account passwords different from your e-commerce website passwords.
One of the simple actions you can take today to thwart these hackers is to ensure that when you send personal email with sensitive information, you send it with RMail® message-level encryption.
RPost’s RMail service provides email encryption that is radically simple for both senders and recipients. The encrypted message contents are delivered directly to the recipient’s inbox, and there is no need for the recipient to open a third-party webpage, create an account, or retrieve the files from another location.