A couple weeks ago I received an email message with the subject line “Urgent Request !!!” The note purported to be from Adam Lashinsky, this newsletter’s weekday columnist, a man whose comminqués I am wont not to ignore. Yet I knew instantly, even before opening the note, that the composer was an imposter.
The tell: Three more exclamation points than I have observed the bossman ever having used !!!
Phishing, the attempted ensnarement of people’s personal information through fraudulent dispatches, continues to be one of the web’s great scourges. The tactic remains an effective means for spies to commit espionage, a lucrative pastime for criminals, and a nuisance to my inbox. Naturally, the practice is a highlight in Verizon’s 2019 data breach investigations report, a compendium of useful cybersecurity insights, published Wednesday.
Verizon’s report is based on an analysis of more than 41,000 security incidents and more than 2,000 breaches across many industries and companies. The data are culled from 73 data sources ranging from Palo Alto Networks, the cybersecurity firm, to the U.S. Secret Service.
Three findings from the report to call your attention to, all of which concern phishing.
- Hackers are increasingly targeting top dogs. Senior executives were 12 times more likely to be the target of “social incidents,” including email phishing scams, than in years past. They were also nine times more likely to be the target of “social breaches,” meaning the unauthorized disclosure of sensitive information through social channels, such as via phishing, than in years past.
- Money motivates. Financially-oriented social engineering attacks, which include phishing, represented 12% of all data breaches. Some miscreants sought to steal web login credentials, banking passwords, or credit card information; others urged people to wire money into coffers controlled by crooks.
- Phones are a threat. Mobile devices were associated with 18% of phishing email clicks. People are often distracted when using their phones and are thus easier targets.
It’s obvious why hackers are turning their attention to senior executives. They have greater access to organizational resources and, when compromised, their accounts hold more sway over underlings. (Yessir, right away, Mr. Lashinsky, sir!)
John Loveland, Verizon’s global head of cyber strategy, offered another reason when visiting Fortune’s office this week. “Executives are very busy. They’re flying through lots and lots of emails a day. They’re more likely to click on bad emails,” he said. “The bad guys are focusing their attention on where they think they’re going to get the greatest bang for their buck.”
A tip for your consideration. Have a conversation with your teammates, and let them know that they should always confirm your identity out of band—over the phone, or through some other means—before they wire money somewhere. Make it urgent.