{"id":517,"date":"2015-06-18T22:36:10","date_gmt":"2015-06-18T22:36:10","guid":{"rendered":"http:\/\/darthjedi.logiodice.com\/?p=517"},"modified":"2015-06-18T22:38:37","modified_gmt":"2015-06-18T22:38:37","slug":"layer-8-security-hacked-by-email","status":"publish","type":"post","link":"https:\/\/darthjedi.logiodice.com\/?p=517","title":{"rendered":"Layer 8 security: hacked by email."},"content":{"rendered":"<p>Last week I received a letter in the mail claiming to be from the city of Suffolk.\u00a0 They want me to pay a tax on my cars.\u00a0 The tax is less than $100, but you know what; I already paid a fee to register my cars.\u00a0 Perhaps the request is legit, but it seems just a little bit suspicious.\u00a0 What if that letter came through email with a link to click for me to make a PayPal payment?\u00a0 Is email any more secure than the US Postal service?\u00a0 How do you know the letter, or the email, that claims to have come from a certain person actually came from that person.\u00a0 The postal system, like the internet is kind of the wild, wild west.<\/p>\n<p>There are plenty of technologies that can help solve this issue \u2013 if someone expresses interest, I would be happy to dig into those technologies in the near future.\u00a0 However, as a quick way to raise your awareness of the dangers of trusting email (or snail mail) without a discerning eye, pop over to the New York Times and read the post about the <a href=\"http:\/\/nypost.com\/2015\/06\/16\/magazine-publisher-swindled-out-of-1-5-million-in-cyber-fraud\/\" target=\"_blank\">Magazine Publisher that just lost 1.5 Million<\/a> dollars due to an email scam.<\/p>\n<p>The short story:<\/p>\n<blockquote><p>Someone hacked into the email of the CEO and sent an email to the Accounts Payable department to wire 1.5 million dollars to an offshore Chinese bank account.<\/p><\/blockquote>\n<p>The dutiful employee complied.<\/p>\n<p>The problem here is not that someone hacked the CEOs email, this type of stuff happens every single day in the real world.\u00a0 The problem is that the receiver on the other end didn\u2019t apply any type of analysis or intelligence to the request (e.g. is this risky, is this unusual?).\u00a0 It is interesting to note that the \u201cCEO\u201d sent a second email to Accounts Payable.\u00a0 This second employee thought \u201cHey, this seems odd, maybe I should double check with the CEO\u201d.<\/p>\n<p>Result: <u>1.5 Million dollars saved<\/u>.<\/p>\n<p>Who knows, perhaps a 1.5 million dollar transfer request through email was a normal day in the Accounts Payable office of Bonnier Publications.\u00a0 If so, shame on them (see the opening paragraph).<\/p>\n<p>Summary:\u00a0 Enterprise organizations need to eliminate email from their business processes, both from an efficiency and a security perspective.\u00a0 As an individual, you need to approach email with a certain amount of discernment, even if they appear to come from a trusted individual (see the opening paragraph).<\/p>\n<p>I promise not to send you email from your boss asking you to buy lunch for the office: but I can\u2019t speak for everyone.<\/p>\n<p>Asking a few additional questions might just save your company 1.5 million dollars.<\/p>\n<p>Remember: <strong>Security is everyone\u2019s responsibility.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last week I received a letter in the mail claiming to be from the city of Suffolk.\u00a0 They want me to pay a tax on my cars.\u00a0 The tax is less than $100, but you know what; I already paid a fee to register my cars.\u00a0 Perhaps the request is legit, but it seems just &hellip; <a href=\"https:\/\/darthjedi.logiodice.com\/?p=517\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Layer 8 security: hacked by email.&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[25,28],"tags":[],"class_list":["post-517","post","type-post","status-publish","format-standard","hentry","category-security","category-technology"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/darthjedi.logiodice.com\/index.php?rest_route=\/wp\/v2\/posts\/517","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/darthjedi.logiodice.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/darthjedi.logiodice.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/darthjedi.logiodice.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/darthjedi.logiodice.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=517"}],"version-history":[{"count":4,"href":"https:\/\/darthjedi.logiodice.com\/index.php?rest_route=\/wp\/v2\/posts\/517\/revisions"}],"predecessor-version":[{"id":521,"href":"https:\/\/darthjedi.logiodice.com\/index.php?rest_route=\/wp\/v2\/posts\/517\/revisions\/521"}],"wp:attachment":[{"href":"https:\/\/darthjedi.logiodice.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=517"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/darthjedi.logiodice.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=517"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/darthjedi.logiodice.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}