If your firm hires interns you need to read this. BW Cyber Services is aware of criminals scanning LinkedIn to identify interns working in the asset management industry. Once identified, spoofed e-mails that appear to be coming from an executive or managing partner are sent to the newly hired, unsuspecting interns. These requests appear to be activities that can be quickly monetized via gift cards and other similar monetary transactions. We recommend you immediately ensure appropriate cybersecurity training is held for all new hires and especially for any summer interns.
Using social media to identify and exploit new employees is a tactic that has been around for many years. The following privacy settings will provide an additional layer of protection that BW Cyber Services strongly recommends our clients implement to address this evolving threat:
- Add a notification banner in company e-mail to identify all EXTERNAL e-mails – this helps to increase employee’s awareness of potential fraudulent emails purporting to be from a fellow employee, but is actually received from an outside source
- Procure an advanced e-mail filtering solution that explicitly addresses domain age of the sender’s e-mail account and looks for potential impersonation
- Provide formal cybersecurity awareness training for all newly hired employees and contractors
- Conduct quarterly simulated phishing attack campaigns.
How BW Cyber Services Can Help
While there is no single way to prevent being targeted, BW Cyber Services can help you develop a comprehensive cyber compliance security program to prevent and respond to future attacks which affect your operations. We can assess the risks in your organization, review your response plans, conduct phishing campaigns and penetration testing, and we offer a variety of other services to meet your cybersecurity needs. For more information on how BW Cyber Services can assist you as well as ways to prevent these types of phishing attempts from getting to your organization, please contact us at firstname.lastname@example.org.