Reflecting on our time with James Linton last week

Over the past few weeks I’ve had the pleasure of spending time with James Linton and a bunch of Australia’s leading Cyber Security leaders talking about email impersonation, spear phishing and whaling.

It was fascinating hearing about how James went from a curious, dry-humored prankster to one of the globes leading Email scam researchers.

His career started with some light hearted email spoofs into his own banks CEO, leading to spoofs into some of the top White House officials and other high profile individuals.

What was interesting from James experiences were that in each case the same vulnerabilities were exposed:

  1. Human frailty to be duped by a short, well crafted message
  2. Email gateways inability to stop these impersonation attempts.

The simplicity of these attacks is alarming. 

  • No special coding
  • No specific IT skills needed
  • No special tools or kits
  • Just an email client and a creative mind 

In one of James last pranks, after his earlier prank into a top White House official, he even used his domain with success!

What does this tell us? Even the strongest networks and trained users are vulnerable to social engineering in that “moment of weakness”.

James now users his skills for good, helping Agari and the FBI take down some of the globes leading Business Email Compromise syndicates.

James says the vast majority of the attackers he has followed originate from East Africa – specifically Nigeria. But also due to how lucrative this attack vector is and the low barrier to entry, it’s on the rise.

In recent weeks, InfoTrust has been engaged with a few organizations that have been defrauded by 7 figure sums of money and it’s terrible to see the impact these attacks are having on businesses, their staff and the families of the victims.

The sad part is being called in after an incident to investigate, triage and respond to the incident. 

That’s why securing the email ecosystem remains a top priority for the team at InfoTrust and we’re privileged to partner with some of the globes top technology vendors to mitigate email borne attacks. 

That’s all for now… see you around soon.

see our

Related resources