The Unwitting Enemy Within

Meet David. David works in sales and is out on the road at coffee shops and customer sites a lot. He receives an email from his IT team telling him his account is about to expire and to click on the link to ensure his access continues.

The information in the email looks bonafide and all seems above board. David clicks on the link, enters in his credentials and thinks no more of it. Little did David know that a hacker was behind the email and had he taken a little more care with looking at the email, and thinking back to the education and emails his company provides

Unbeknownst to David, as soon as he entered is credentials, a malicious script was activated in the background, which hijacked his session.

Ian doesn’t mean any harm. He’s trying his best. But his best isn’t good enough, because this year Ian singlehandedly caused a data breach that cost his company more than £20,000.

Back in February, Ian fell foul of a phishing attack when a seemingly innocuous email from that well-loved search engine ‘Gloogle’ landed in his inbox.

Ian knew to avoid malicious emails – after all, he’d yawned through his organisation’s mandatory staff awareness training when he joined two years ago.

But this email was from Trish in HR (via Gloogle), and Ian could trust Trish. Or so he thought. So, no alarm bells rang when, upon clicking to view the ‘project management folder’, he was prompted to re-enter his login details.

Unbeknown to Ian, this email wasn’t from Trish. This email was from a hacker, and as Ian entered his user credentials into ‘Gloogle Docs’, a malicious script activated in the background – hijacking his user session cookie, resulting in a reflected XSS attack.

In one fell swoop, the hacker gained access to all of Ian’s user data, including login credentials and company credit card numbers.

Unfortunately for Ian’s employer, the breach wasn’t immediately detected, and it took six weeks before the finance department noticed the influx of fraudulent transactions.

Past Blogs

benefits of cybersecurity

Benefits of CyberSecurity

The benefits of cybersecurity. With vast amounts of information are stored online, the benefits of robust cybersecurity are more vital than ever. At Network &...
what is dmarc

What is DMARC

What is DMARC and Why Does Your Business Need It? When it comes to protecting your business from cyber threats, email security is often overlooked. Yet, email is one of...
Why is password management software important

Why is Password Management Software Important

Why is Password Management Software Important for Your Business? In today’s digital world, passwords are the keys to your business’s most sensitive information. From...
What is Email Filtering ?

What is Email Filtering and Why Every Business Needs It

Email is the lifeblood of business communication, but it’s also one of the most vulnerable entry points for cyberattacks. According to research, 96% of cyber threats...
What’s your business’s view on Return to Office?

What’s your business’s view on Return to Office?

Do you love keeping your employees happy by allowing them to work remotely? Or do you think everyone is more productive in the office? Businesses are divided on this...
Outdated backup systems could leave your business vulnerable

Outdated backup systems could leave your business vulnerable

When did you last review your business’s backup tools? Outdated backup systems can fail to protect you from modern threats, like ransomware attacks. If you want a...
Microsoft’s fixing this annoying Windows 11 fault

Microsoft’s fixing this annoying Windows 11 fault

Fed up seeing useless “Recommendations” in the Windows 11 Start menu? Good news – Microsoft’s making them more helpful. Here’s how the improvements could help your team...
Beware that corrupted email attachment: It could be a scam

Beware that corrupted email attachment: It could be a scam

Cyber criminals get more creative every day. The latest scam designed to steal your business data uses corrupted Word files – and getting fooled is easier than you...
Are your employees your security’s weakest link?

Are your employees your security’s weakest link?

Great employees have the same goals you do. But while they’re working hard to help your business succeed, they could accidentally be opening the door to cyber...
The two big threats of doing business on public Wi-Fi

The two big threats of doing business on public Wi-Fi

Public Wi-Fi can be a lifesaver when you must send an urgent email while out of the office. But did you know it can also put your business data at risk? These are the...