Rodney District Insurance broker Mark Kreling has revealed his experience as the target of spear phishers in a bid to raise his clients’ awareness of various forms of cyber crime.
Kreling said their technique was far more sophisticated than previous phishing exercises, such as the Nigerian prince scam, lottery draw or long lost relative with US$12 million in the bank that could be yours too.
“This was a phone call from an Australian number with a very polite and articulate young man named Jared on the line, from Market Solutions.
“This very professional sounding Aussie talked about ‘Investment Opportunities’ that I might actually have been interested in, even if I couldn’t remember the exact survey I supposedly filled in.
“There were sounds of a busy office in the background.”
Kreling said the point of the phone call is to make you expect their email, and then open the attachment because you know it is coming.
“And they know about you. They can tune their ‘sales pitch’ to your interests and business profile – after all, they’ve got access to LinkedIn and Facebook and Twitter, your company website, and all the other places you feature,” he said.
Even if they target your company and speak to a receptionist, colleague or staff member, they can obtain an email address and ask that person to let you know an email is coming your way.
“Once the firewall is circumnavigated, you effectively do their work for them, by opening an innocuous looking pdf or Word attachment and downloading ransomware or other malware on to your own system – and through the Cloud or your company network this can spread to every device, locking down or looking into all your valuable systems and data,” he explained.
“Then comes the demand for payment to unlock it, which will increase in cost the longer you delay.
“If you need the data, can’t recover it and don’t have insurance cover, what else can you do?”
Kreling said that, as with physical burglary, once someone has been targeted, they are far more likely to be attacked again.
“Because the cyber criminals will sell your details – as good payers – to others of their ilk,” he noted. “Like a malicious referral program.”
If they are not distributing ransomware, they may be working as distributors of private information about clients, employees, accounts, invoices or suppliers.
“Once they are in, they will work at full speed to get the information to the highest bidder before the breach is discovered,” he explained.
So, what did Kreling say to Jared from Market Solutions?
“I said ‘No, thank you’ and he rang off,” he said.
“I called the number back and got a disconnected message. This time I swam clear, but they’re getting smarter.”