Imagine me in hacker-mode browsing through social media when I come across a selfie of an executive sitting at his desk working with his dog in his lap. Adorable, yes. But I’m not looking at their goldendoodle. I’m more interested in their laptop in the background. As an exec, they probably know enough not to have their email or any sensitive documents open on their laptop. They’ve minimized all the windows before they snapped the photo and all I see is the beautiful mountain scape desktop scene that they’ve never bothered to change. Now I know what operating system they use and I can instantly tailor malware to work on their machine.
Like I mentioned, folks in the public eye have a high-threat model. This includes anyone in the C-suite of a large corporation. This also includes anyone in your organization with a large following or a person who has access to something that people want, whether that’s money, personal information, or details about a merger and acquisition.
One trick I use in hacking VIPs is called spoofing, which means, I use software to make it look like I’m a VIP on your caller ID but in reality, it’s just me on my phone. I’m not actually a board member you need to speak to quickly. I might then invent some scenario to convince you to email me the latest M&A deck to a new email address.
People like your VIPs and executive team have a high-threat model and are more likely than most individuals to receive a targeted phishing attack or to be spoofed over the phone, email, text message or social media. Some execs with high-threat models will experience attempted hacks at least once a quarter, if not once a week. Some people with extremely high-threat models see attempted hacks every single day.