Viewpoint: How Artful Manipulation Can Undermine Employee Security
Society for Human Resource Management
SHRM has partnered with Security Management magazine to bring you relevant articles on key HR topics and strategies.
Chief financial officer Malcolm Fisher never thought he would be victimized by cybercrime—until a social engineer successfully impersonated him and bilked his company out of more than $125,000.
It was relatively easy for the criminal to identify Fisher as a high-value target given his key position within the company—his bio was readily available on the company website. And Fisher's social media profiles on Facebook, Twitter and LinkedIn revealed several bits of information that marked him as a dream target for a diligent social engineer.
Fisher frequently participated in poker tournaments and was not modest in describing his success at the table. He posted about attending an upcoming tournament in Las Vegas and catalogued his travel plans across social media platforms. Shortly after his arrival to Las Vegas, Fisher received a text message from what appeared to be the tournament organizer providing a link to the updated schedule. When he clicked on the link, nothing seemed to happen—but he had just unwittingly provided the social engineer with entry into his company-issued mobile device.