back to article Don't be fooled! He's not from the IT crowd... he's a CYBERSPY – FireEye

Impersonating IT departments in spear-phishing attacks is becoming an increasingly popular tactic among hackers, particularly in cyber-espionage attacks. IT staff themed phishing emails comprised 78 per cent of observed phishing schemes picked up by FireEye in 2014, compared to just 44 per cent in 2013. The sixth annual …

  1. Peter Simpson 1
    Thumb Down

    Social Engineers

    I'm on a first name basis with our IT guys. While I'm not entirely sure that's a good thing, I have worked for companies who have Maximized Shareholder Value by outsourcing IT services to a third party.

    This is most assuredly NOT a Good Thing. Aside from the fact that you end up dealing with jobsworths who try to avoid doing anything, you're much less likely to be on a first (or any) name basis with the folks at the other end of the phone...and so, much more susceptible to this kind of attack.

    1. Anonymous Coward
      Anonymous Coward

      Re: Social Engineers

      "Aside from the fact that you end up dealing with jobsworths who try to avoid doing anything,"

      A fact?

    2. Mark 85

      Re: Social Engineers

      Outsourcing really isn't a good idea except for those things where the skillset in house would be too expensive to maintain, such as building out a server room or whole building. I've been on first names with some of these, and then the company (ours) changes contractors and it's another set of headaches. I've had people show up claiming to need access to "audit" the server room and cabling for an upgrade. My procedure is to keep them waiting while I check with Network Procurement to see if it's true. Most of the time, it's legit but there have been a few times where, when I back to the lobby area to tell them "we have no idea who you are", they were gone.

  2. Anonymous Coward
    Anonymous Coward

    I've worked two sites with breaches that spring to mind.

    The first had an FTP that had been setup many years prior to me joining, this FTP was not being used by anyone within the business at this point and when I checked it there were text files of the usual XXXX WAS HERE. The amusing one was the "Is this still up?" Some of the files were 13 years old.

    I worked at a company that had pretty much every machine infected with Mytob. As this was 6 years after it's general spread, I was shocked to see it. The resistance from manglement to remove it led to my leaving. I can't secure a network that you won't let me clean first.

    1. Anonymous Coward
      Anonymous Coward

      What is it with management and their refusal to allow the competent staff fix the IT backbone of the company? This is why I gave up working in business. I am now an academic.

      1. Anonymous Coward
        Anonymous Coward

        If we fix it, it might break. I mean it's working now, so can you provide me a 600 page cost analysis on fixing it? The cost of creating the cost analysis was so high, we can't stretch the budget to implementation. Oh and you should get to fixing the slow machines, because that's affecting operations and our email seems to be blacklisted, can you sort that too?

  3. Anonymous Coward
    Anonymous Coward

    Poor customer service is the solution!

    Our Helpdesk, as part of our IT department, almost never initiates contact even for a known issue, and even less frequently checks back to see how resolution went. This way our users expect NO contact initiated by IT, and know any such contact is an obvious scam.....

    lowered expectations, and Tough Love Tech Support (and a whole lot less convenience or as we call it "personal responsibility" kills a lot of "convenient" scams before they even start.

    Win/Win-ish situation?

  4. DNTP

    My company has no IT department or dedicated IT professionals but I often end up impersonating our non-existent IT department. Here is the big secret about imitating an IT professional for all you real spies out there: Be good at fixing things.

    Pro: access to everything that needs to be fixed to do your job

    Con: people ask me to fix their computers all the time

  5. Anonymous Coward
    Holmes

    Hackers?

    Sounds like crooks and crime gangs to me.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like