Reflecting on our time with James Linton last week
Over the past few weeks I’ve had the pleasure of spending time with James Linton and a bunch of Australia’s leading Cyber Security leaders talking about email impersonation, spear phishing and whaling.
It was fascinating hearing about how James went from a curious, dry-humored prankster to one of the globes leading Email scam researchers.
His career started with some light hearted email spoofs into his own banks CEO, leading to spoofs into some of the top White House officials and other high profile individuals.
What was interesting from James experiences were that in each case the same vulnerabilities were exposed:
- Human frailty to be duped by a short, well crafted message
- Email gateways inability to stop these impersonation attempts.
The simplicity of these attacks is alarming.
- No special coding
- No specific IT skills needed
- No special tools or kits
- Just an email client and a creative mind
In one of James last pranks, after his earlier prank into a top White House official, he even used his @emailprankster.co.uk domain with success!
What does this tell us? Even the strongest networks and trained users are vulnerable to social engineering in that “moment of weakness”.
James now users his skills for good, helping Agari and the FBI take down some of the globes leading Business Email Compromise syndicates.
James says the vast majority of the attackers he has followed originate from East Africa – specifically Nigeria. But also due to how lucrative this attack vector is and the low barrier to entry, it’s on the rise.
In recent weeks, InfoTrust has been engaged with a few organizations that have been defrauded by 7 figure sums of money and it’s terrible to see the impact these attacks are having on businesses, their staff and the families of the victims.
The sad part is being called in after an incident to investigate, triage and respond to the incident.
That’s why securing the email ecosystem remains a top priority for the team at InfoTrust and we’re privileged to partner with some of the globes top technology vendors to mitigate email borne attacks.
That’s all for now… see you around soon.
see our
Related resources
In this 45 minute session, InfoTrust and Mimecast email security experts broke down the different types of prevalent email attacks by their tactics and how these can be mitigated.
We looked at the attack chain for;
- Phishing attacks
- Business Email Compromise and Spear Phishing
- Account Takeover Attacks
- Ransomware Attacks
Giving examples of how each tactic evades your traditional security controls, and why next-generation solutions – specifically Secure Email Gateways, are a necessity for businesses.
In July 2019, InfoTrust partnered with Symantec to host an Overcoming the Challenges of DLP webinar. In this session presenters; Saaim Khan, Security Practice Director of InfoTrust and Sean Callaghan, Senior Systems Engineer at Symantec covered;
InfoTrust and Insentra partnered together in September 2018 to produce a webinar to help answer some of the common questions asked by customers when considering a Data Loss Prevention solution. Together we covered;
1. What problems do DLP and CASB solutions solve?
2. Should your organisation be considering DLP or CASB?
3. What flavour of DLP & CASB do you need?
The first part of this webinar was run by InfoTrust’s Senior GRC Consultant, Saaim Khan, where he shared insights and strategies that have helped InfoTrust clients maximise their DLP technology investments.
For the first webinar in our Combatting Modern Email Attacks Series, we looked at email as a persistent threat vector and critical vulnerability requiring a layered security approach. The InfoTrust team analysed the human factor and how social engineering techniques evade traditional security measures.
To watch the recording of the webinar complete the form today.
In this 49 minute session called “Email Threat Landscape in 2020”, InfoTrust and Mimecast email security experts covered;
- The current state of the email threat landscape
- Examples of phishing, BEC, and ransomware campaigns
- High profile breaches that have made the media in the past year and what happened
- Technology advancements in the past 12 months to protect against these attacks
- Holistic security steps your business can take to reduce these risks
To access the recording today fill in the form below.
We're Here To Help