Who’s afraid of the Big, Bad Wolf?

At this time of year, we should be thinking about Midsummer Night’s Dreams rather than a midsummer’s nightmare, but unfortunately the cyber criminals have other ideas.

It has been brought to our attention that there have been some serious occurrences of email hacking recently which are every bit as sinister as the plot of a Grimm fairy tale. You need to be aware of this cautionary tale so that you can spot the signs and don’t fall prey to the villain of the piece.

So, if you are sitting comfortably, I’ll begin.

Once upon a time (except, sadly, this has happened more than once), a finance officer received an email from the CEO asking whether she could arrange a prompt payment.

Our finance officer is aware of the dangers in the forest, so she inspects the email carefully, but is reassured that all is well:

  • The sending email address matches the CEO’s name (Grandma, what big eyes you have)
  • The CEO’s normal email signature is present (Grandma, what big ears you have)
  • There are some spelling errors, but this is excused as the email was written in haste (Grandma, what big teeth you have…)

Our finance officer is cautious, and decides to email the CEO back to check that all is well.

BUT – just like Grandma in Little Red Riding Hood – the CEO never sees this email.

You see, the hacker – the Big, Bad Wolf – is inside Grandma’s house! He has hacked the email password of the CEO, he is making himself comfortable and he has disguised himself in Grandma’s clothing. As he is sending emails from within the CEO’s email account, he does not have to spoof the email address; it looks completely authentic because IT IS THE REAL CEO EMAIL ACCOUNT.

What’s more, the Big, Bad Wolf has put rules in place so that the CEO does not see any replies and is totally unaware of the havoc being wreaked in his home.
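The rule trick above is the detail a defender can actually check for: a compromised account usually has a new mailbox rule that deletes, hides or forwards certain messages so the owner never sees them. The script below is an added example, not part of the original post and not code from Computer Troubleshooters. It assumes a simplified, constructed rule schema (name, conditions, actions) and constructed sample rules and domain name; a real mail platform exports rules in its own format, so the field names would need mapping to that export.

```python
"""Flag mailbox rules that could hide replies or leak mail from the account owner.

Added example, not from the original post. The rule schema is a constructed,
simplified one; map the fields to whatever rule export your mail platform gives you.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Folders a user rarely reads; rules that move mail here effectively hide it.
HIDING_FOLDERS = {"deleted items", "junk email", "rss feeds", "archive",
                  "conversation history"}
# Words that typically appear in the payment-chasing exchange described in the story.
PAYMENT_WORDS = {"payment", "invoice", "bank", "transfer", "urgent", "wire"}


@dataclass
class InboxRule:
    """Constructed, simplified view of a mailbox rule (not a real platform's schema)."""
    name: str
    subject_contains: List[str] = field(default_factory=list)
    from_contains: List[str] = field(default_factory=list)
    move_to_folder: Optional[str] = None
    delete: bool = False
    mark_as_read: bool = False
    forward_to: List[str] = field(default_factory=list)


def hides_mail(rule: InboxRule) -> bool:
    """True if the rule's actions keep a matching message out of the owner's sight."""
    moved_away = bool(rule.move_to_folder) and rule.move_to_folder.lower() in HIDING_FOLDERS
    return rule.delete or rule.mark_as_read or moved_away


def rule_findings(rule: InboxRule, internal_domain: str) -> List[str]:
    """Return human-readable reasons this rule looks like attacker tradecraft."""
    findings = []
    subject_words = {w.lower() for w in rule.subject_contains}
    targets_replies = any(w.lower().startswith("re:") for w in rule.subject_contains)

    if hides_mail(rule) and (subject_words & PAYMENT_WORDS or targets_replies):
        findings.append("hides payment-related mail or replies")
    if hides_mail(rule) and any(internal_domain in s.lower() for s in rule.from_contains):
        findings.append("hides mail from colleagues")

    external = [a for a in rule.forward_to
                if not a.lower().endswith("@" + internal_domain)]
    if external:
        findings.append("forwards to external address " + ", ".join(external))

    # Attackers often give their rule no name, or a single character, so it is easy to miss.
    if len(rule.name.strip()) <= 2:
        findings.append("blank or minimal rule name")
    return findings


def find_suspicious_rules(rules: List[InboxRule], internal_domain: str) -> List[Tuple[str, List[str]]]:
    """Return (rule name, findings) for every rule with at least one finding."""
    return [(r.name, f) for r in rules if (f := rule_findings(r, internal_domain))]


# Constructed sample rules for a fictional organisation, company.example.
SAMPLE_RULES = [
    InboxRule(name="Newsletters", subject_contains=["newsletter"],
              move_to_folder="Newsletters"),                       # benign housekeeping
    InboxRule(name=".", subject_contains=["payment", "RE:"],
              delete=True),                                        # the wolf's rule
    InboxRule(name="Sync", from_contains=["finance@company.example"],
              forward_to=["wolf@external-example.invalid"]),       # silent external copy
]

if __name__ == "__main__":
    for name, findings in find_suspicious_rules(SAMPLE_RULES, "company.example"):
        print(f"rule {name!r}: " + "; ".join(findings))
```

Running the script over the constructed rules reports the "." rule (it deletes anything mentioning payment or any reply) and the "Sync" rule (it forwards finance mail outside the organisation), while the newsletter rule passes. Reviewing a mailbox's rules this way, immediately after a password reset, is a quick way to confirm the wolf has actually been shown the door.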

Our finance officer receives a reply naming a bank account and instructing her to pay £65,000! She senses that all is not as it seems, and she decides to venture into the forest and confront the CEO face to face.

Thus, the dastardly plot is unveiled, and it’s time for Computer Troubleshooters – the huntsman – to come to the rescue, changing passwords, cleaning up the damage and advising on measures to be taken.

What is the moral of this story?

Hackers are prowling the forest, always on the lookout for vulnerable systems:

  • Passwords need to be strong and not easy to guess
  • Passwords need to be unique – if they crack this one, at least they can’t access other systems
  • Consider other layers of security
  • Train your team to be able to identify the breadcrumbs signposting the villain.

Encourage your staff to speak to each other if they doubt that something is real – better safe than sorry.

If you are a victim of a big bad hacker, there is a strong possibility that they have had access to customer personal data. Do the right thing and let the Information Commissioner’s Office know.

Please don’t have nightmares. We can all live happily ever after as long as we are wise like Little Red Riding Hood and don’t accept everything at face value.

… And remember that we’d rather be called in for a false alarm than risk letting the hacker run riot – IF IN DOUBT, SHOUT!