EFFECTED USERS: Anyone who communicates online has a smartphone, uses a messaging app, or works.
Hair of fire 4 of 5
SUMMARY: Don’t get fired by getting hacked on a personal laptop or mobile device.
Typical links in emails are being avoided, so hackers are getting creative. Person devices, and personal accounts have become the new battleground.
- Twilio employee got ‘Smished’ (SMS Phishing) which infected their phone, harvested their credentials, and got access to accounts that the employee uses to do their job
- A Cisco employee Gmail accounts have been compromised to get into a a computer that
- Multiple other attacks based on personal smartphones and messaging apps.
Patrick Harr is the CEO at SlashNext. He has held senior executive at Hewlett-Packard Enterprise, VMware, BlueCoat and he has successfully sold four technology companies.
Let’s start with the basics: What are the types of phishing attacks:
- Link
- Attached File
- Natural Language
How to mitigate?
- People: don’t click the link
- Process: Go out-of-band and confirm (if you got an email, send a text to that person to confirm)
- Product: Google these search terms: AI, Phishing, Prevention, Zero-trust, Tools, Apps
Get a free voucher for SlashNext! Send an email to info@slashnext.com, and ask our guest, Patrick Harr, for the free voucher he announced on DIY Cyber Guy.
RESOURCES
[1] https://www.technewsworld.com/story/evilproxy-phishing-service-threatens-mfa-protection-of-accounts-177061.html
[2] https://www.cpomagazine.com/cyber-security/twilio-hackers-behind-okta-phishing-campaign-that-breached-over-130-organizations/
[3] https://threatpost.com/cisco-network-breach-google/180385/
[4] https://www.bleepingcomputer.com/news/security/twilio-discloses-data-breach-after-sms-phishing-attack-on-employees/amp/
[5] https://www.darkreading.com/remote-workforce/new-wave-phishing-attacks-shame-scare-victims-into-surrendering-twitter-discord-credentials
That’s all the time we have!
Don’t forget to check out our sponsor, and home of my day-job: SAFE Classroom, at http://www.thesafe.io
Thanks for listening.
David W. Schropfer
David W. Schropfer is a technology executive, author, and speaker with deep expertise in cybersecurity, artificial intelligence, and quantum computing. He currently serves as Executive Vice President of Operations at DomainSkate, where he leads growth for an AI-driven cybersecurity threat intelligence platform.
As host of the DIY Cyber Guy podcast, David has conducted hundreds of interviews with global experts, making complex topics like ransomware, AI, and quantum risk accessible to business leaders and consumers. He has also moderated panels and delivered keynotes at major industry events, known for translating emerging technologies into actionable insights.
David’s entrepreneurial track record includes founding AnchorID (SAFE), a patented zero-trust mobile security platform. He previously launched one of the first SaaS cloud products at SoftZoo.com, grew global telecom revenue at IDT, and advised Fortune 500 companies on mobile commerce and payments with The Luciano Group.
He is the author of several books, including Digital Habits and The SmartPhone Wallet, which became an Amazon #1 bestseller in its category. David holds a Master of Business Administration from the University of Miami and a Bachelor of Arts from Boston College.
View all posts by David W. Schropfer
DIY CyberGuy with David W. Schropfer 
One thought on “#57 – Hackers are Using Personal Smartphones and Emails as a Backdoor Into Your Employer”
Comments are closed.