Tel: +44 (0) 114 400 0021

Cyber Sales by FEAR!

Hi all,

One of our clients recently approached us having received an email from a “Cyber Security” company.  The email informed them that they had been monitoring the dark web and had found 77 incidents of compromised material relating to their company and requesting they get in touch to find out what is.  Our client passed this cyber securities companies details to us and we followed it up with them.  There are many sites (haveibeenpwned, breach alert) that allow you to enter your email address and they will check it against a database of leaked credentials that have been released as a result of web services being breached.  For example, if your email was one of those used in the LinkedIn breach of 2012, or as many 2015 divorcees will know, Ashley Madison,  it will be in there.   Our opening question to this company was, did you use sites such as these to gain this information.  The answer was yes.    Our next question was “are these from old breaches from years ago” and again, they were.  So why didn’t they open with this information in their email?  We didn’t ask that question because we knew the answer.  Sales by fear, it’s not the right way to go about gaining clients and generates mistrust.

Of course there is a wider issue to be addressed concerning regular password changing, not reusing passwords, long passphrases being used, 2FA, biometrics, using work email for registering personal services,  and password managers.  I’ll post on that shortly … but sending a “crap you up” email isn’t the way to go about it, or for us to gain the trust of clients as an industry.  It’s embarrassing ..

Lets not do that.

 

Dr David J Day

“In addition to being the Managing Director of Samurai Digital Security, David is a special officer working with the NCA (National Crime Agency) as a member of the National Cyber Crime Unit where he helps solve cybercrime cases. David is also a special visiting lecturer at Warwick and Sheffield Hallam Universities teaching on cyber security master’s courses. He was one of the first people in the country to be awarded a hard-technical cybersecurity PhD, and prior to Samurai worked as a cybersecurity senior lecturer at university for 14 years. In 2014 he received extemporary written praise from New Scotland Yard for his part in operation Westphalian when he used bleeding edge digital forensic techniques to help convict members of LulzSec, a high-profile hacking fraternity.”
Close Menu