It’s easy to assume that someone who is rich and famous is also tech savvy, but that’s not always the case. Take for example the news this week that Shark Tank star Barbara Corcoran lost almost $400,000 in a phishing scam.
According to an article in People Magazine, “The incident unfolded last week when Barbara’s bookkeeper received an email about an invoice ‘approving the payment for a real estate renovation.’”
Corcoran admitted she was duped. “I lost the $388,700 as a result of a fake email chain sent to my company. It was an invoice supposedly sent by my assistant to my bookkeeper approving the payment for a real estate renovation. There was no reason to be suspicious as I invest in a lot of real estate.”
This is such a brilliant example of perfect social engineering that it should be studied in universities for years to come. What makes for great social engineering? A phishing email so believable that nobody even stops to question it. It’s the type of email that the victim actually expects to receive during the normal course of their business. And as a result, they never even question it. Ms. Corcoran can expect more of these phishing emails in the future.
How was the scam discovered? “The error wasn’t noticed until the bookkeeper sent a follow up to Corcoran’s assistant’s actual address, informing her of what she had just done. That’s when the company became aware of the scam and the assistant noticed the hacker had altered her email.”
Did you catch that? The hacker had altered the email. Do you know who gets tricked by perfect social engineering? Almost everyone. Do you know what doesn’t? Technology.
The only way to combat perfect social engineering is with technology. People get scammed by phishing emails because we engage with the human part of the email: the text and the images. That’s the stuff the hackers fake to trick us.
Technology doesn’t engage with the human part of the email. It deals with the underlying code in the email: the links and email addresses. And that’s where phishing emails can be spotted.
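An added example, not from the original post and not Phish Protection's code: the Python below reads the sender headers of a message and flags any address that is a near miss of a known contact, the kind of altered address that went unnoticed in this incident. The contact list, the sample message and the function names are constructed for the illustration.

```python
import email
from email.utils import getaddresses

# Constructed address book: addresses the bookkeeper legitimately corresponds with.
KNOWN_CONTACTS = {"assistant@office.example", "accounts@builder.example"}

# Constructed sample message: the sender address drops one letter ("asistant").
SAMPLE = """\
From: Assistant <asistant@office.example>
To: bookkeeper@office.example
Subject: Re: Invoice - renovation payment approved

Approved. Please send the payment today.
"""

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(raw, known=KNOWN_CONTACTS, max_distance=2):
    """Return (header, address, imitated contact, distance) for lookalike senders."""
    msg = email.message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            addr = addr.lower()
            if not addr or addr in known:
                continue  # exact match to a known contact: nothing to flag
            for contact in known:
                d = edit_distance(addr, contact)
                if 0 < d <= max_distance:
                    findings.append((header, addr, contact, d))
    return findings

if __name__ == "__main__":
    for header, addr, contact, d in check_sender(SAMPLE):
        print(f"{header}: {addr} is {d} edit(s) from known contact {contact}")
```

The display name and the body text play no part in the check; only the address in the header is compared.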
Cloud-based email security with real-time link scanning like that available from Phish Protection is the kind of technology that doesn’t get fooled by perfect social engineering because it only looks at the underlying code: where the links and emails point to. That’s where phishing emails give themselves away. I think it’s safe to assume Ms. Corcoran didn’t know about Phish Protection.
It can’t be because of the cost. Phish Protection only costs pennies per user per month. It can’t be because of the headache of setting it up. It only takes about 10 minutes. The only logical conclusion is she didn’t know about it.
It’s usually the shark that preys on others. In this case, it was the shark that was the prey. Don’t be the prey. Try Phish Protection risk-free for 30 days. Be smarter than a rich and famous TV star.