Catphishing: looking for love in the wrong places

Earlier this month, Forbes staff writer Thomas Fox-Brewster told the frightening tale of how Iranian hackers used a fake Facebook profile to target an unsuspecting techie at consulting powerhouse Deloitte.

The modus operandi: hackers created ‘Mia Ash’ from whole cloth, establishing multiple social media accounts for her, pilfering the photos of a real person in the process.

Catphishing: looking for love in the wrong places

Catphishing: looking for love in the wrong places

Posing as Ms. Ash, the malefactors gained the trust of the consultant, eventually convincing him to download an Excel file infected with malware.

To Deloitte’s credit, its cybersecurity protections prevented the malware from reaching its network – this time.

There is a bigger story here, however. This particular attack combines elements of more familiar types of attacks, but also breaks new ground – and suggests other, similar attack vectors that bad guys may also use.

Perhaps these new attack vectors are unfamiliar, but that doesn’t mean no one is using them to penetrate your organization’s defenses. It simply means you haven’t discovered them yet.

Read the entire article at https://www.forbes.com/sites/jasonbloomberg/2017/10/14/fear-these-three-types-of-phish-catphishing-enterprise-targets/.

Intellyx publishes the Agile Digital Transformation Roadmap poster, advises companies on their digital transformation initiatives, and helps vendors communicate their agility stories. As of the time of writing, none of the organizations mentioned in this article are Intellyx customers. Image credit: Kelly McCarthy.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Cortex & Brain Candy Newsletters!

Thank you for reading Intellyx thought leadership!

Please sign up for our biweekly Cortex and Brain Candy newsletters.

The Cortex features thought leadership on Agile Digital Transformation topics, and Brain Candy highlights disruptive vendors in enterprise IT.

We won't spam you and you can unsubscribe at any time.