#57 – Hackers are Using Personal Smartphones and Emails as a Backdoor Into Your Employer


img_4479

EFFECTED USERS: Anyone who communicates online has a smartphone, uses a messaging app, or works.

Hair of fire 4 of 5

SUMMARY: Don’t get fired by getting hacked on a personal laptop or mobile device.

Typical links in emails are being avoided, so hackers are getting creative.  Person devices, and personal accounts have become the new battleground.

  • Twilio employee got ‘Smished’ (SMS Phishing) which infected their phone, harvested their credentials, and got access to accounts that the employee uses to do their job
  • A Cisco employee Gmail accounts have been compromised to get into a a computer that
  • Multiple other attacks based on personal smartphones and messaging apps.

Patrick Harr is the CEO at SlashNext. He has held senior executive at Hewlett-Packard Enterprise, VMware, BlueCoat and he has successfully sold four technology companies.

Let’s start with the basics: What are the types of phishing attacks:

  1. Link
  2. Attached File
  3. Natural Language

How to mitigate?

  • People: don’t click the link 
  • Process: Go out-of-band and confirm (if you got an email, send a text to that person to confirm)
  • Product: Google these search terms: AI, Phishing, Prevention, Zero-trust, Tools, Apps

Get a free voucher for SlashNext!  Send an email to info@slashnext.com, and ask our guest, Patrick Harr, for the free voucher he announced on DIY Cyber Guy.

RESOURCES

[1] https://www.technewsworld.com/story/evilproxy-phishing-service-threatens-mfa-protection-of-accounts-177061.html

[2] https://www.cpomagazine.com/cyber-security/twilio-hackers-behind-okta-phishing-campaign-that-breached-over-130-organizations/

[3] https://threatpost.com/cisco-network-breach-google/180385/

[4] https://www.bleepingcomputer.com/news/security/twilio-discloses-data-breach-after-sms-phishing-attack-on-employees/amp/

[5] https://www.darkreading.com/remote-workforce/new-wave-phishing-attacks-shame-scare-victims-into-surrendering-twitter-discord-credentials

That’s all the time we have!

Don’t forget to check out our sponsor, and home of my day-job: SAFE Classroom, at http://www.thesafe.io

Thanks for listening.

Published by

David W. Schropfer

David W. Schropfer is the CEO of SAFE (Smartphone Authentication For Everyone), a cybersecurity company in New York (www.theSafe.io).  Every day, he and his team of professionals keep the people who use The SAFE Button protected from some of the most common traps, hacks and attacks that target computer systems of all sizes. David is the author of the bestselling cybersecurity book, Digital Habits: 5 Simple Tips to Help Keep You and Your Information Safe Online. His previous books, including The Smartphone Wallet and industry whitepapers, predicted some of the biggest trends in the payments, mobile, and security industries.  Since graduating Boston College, David earned an Executive MBA from the University of Miami.

One thought on “#57 – Hackers are Using Personal Smartphones and Emails as a Backdoor Into Your Employer

  1. Pingback: SlashNext CEO Patrick Harr on DIY Cyber Guy – DIY CyberGuy with David W. Schropfer

Comments are closed.