Reflecting on our time with James Linton last week
Over the past few weeks I’ve had the pleasure of spending time with James Linton and a bunch of Australia’s leading Cyber Security leaders talking about email impersonation, spear phishing and whaling.
It was fascinating hearing about how James went from a curious, dry-humored prankster to one of the globes leading Email scam researchers.
His career started with some light hearted email spoofs into his own banks CEO, leading to spoofs into some of the top White House officials and other high profile individuals.
What was interesting from James experiences were that in each case the same vulnerabilities were exposed:
- Human frailty to be duped by a short, well crafted message
- Email gateways inability to stop these impersonation attempts.
The simplicity of these attacks is alarming.
- No special coding
- No specific IT skills needed
- No special tools or kits
- Just an email client and a creative mind
In one of James last pranks, after his earlier prank into a top White House official, he even used his @emailprankster.co.uk domain with success!
What does this tell us? Even the strongest networks and trained users are vulnerable to social engineering in that “moment of weakness”.
James now users his skills for good, helping Agari and the FBI take down some of the globes leading Business Email Compromise syndicates.
James says the vast majority of the attackers he has followed originate from East Africa – specifically Nigeria. But also due to how lucrative this attack vector is and the low barrier to entry, it’s on the rise.
In recent weeks, InfoTrust has been engaged with a few organizations that have been defrauded by 7 figure sums of money and it’s terrible to see the impact these attacks are having on businesses, their staff and the families of the victims.
The sad part is being called in after an incident to investigate, triage and respond to the incident.
That’s why securing the email ecosystem remains a top priority for the team at InfoTrust and we’re privileged to partner with some of the globes top technology vendors to mitigate email borne attacks.
That’s all for now… see you around soon.
see our
Related resources
In this 45 minute session, InfoTrust and Mimecast email security experts broke down the different types of prevalent email attacks by their tactics and how these can be mitigated.
We looked at the attack chain for;
- Phishing attacks
- Business Email Compromise and Spear Phishing
- Account Takeover Attacks
- Ransomware Attacks
Giving examples of how each tactic evades your traditional security controls, and why next-generation solutions – specifically Secure Email Gateways, are a necessity for businesses.
In December 2019, InfoTrust’s Cyber Defence Team presented with Okta specialists on Zero Trust and how organisations can incorporate it into their security strategy. Our cloud security experts covered;
- What is Zero Trust and where did it come from? More than just a buzzword, a practical security strategy for businesses
- Why is Zero Trust needed as part of a holistic security strategy?
- The Zero Trust maturity curve and how your business can progress through it
- Frequently asked questions by organisations when on the Zero Trust journey
To watch the webinar recording fill out the form below.
In August 2019, InfoTrust’s Cyber Defence Team presented on the advanced threats that we are seeing in the market, and common email security challenges we help our customers solve in their ecosystem.
Richard, John, and Caitlin covered how your organisation can mitigate the risk of;
We're Here To Help