WEBVTT 00:00:43.359 --> 00:00:46.593 Come on, move, get out of my way. 00:00:46.822 --> 00:00:49.546 Come on 42! What? What are you doing? 00:00:50.133 --> 00:00:54.105 Okay, okay, okay. All right. 00:00:55.443 --> 00:00:56.900 One more... 00:00:57.447 --> 00:00:58.384 killed it. 00:00:59.053 --> 00:01:01.160 Watch the roof, wa... watch the roof. 00:01:03.078 --> 00:01:04.963 Quick before they spawn b..., hm, 00:01:04.974 --> 00:01:06.947 quick before they spawn behind you. 00:01:07.545 --> 00:01:09.545 Am I playing with kids? 00:01:12.335 --> 00:01:13.788 One more! 00:01:15.172 --> 00:01:18.693 No one can get anything past me! 00:01:20.234 --> 00:01:22.234 You can't see me, can you? 00:01:22.587 --> 00:01:24.552 Don't worry about that for now, 00:01:24.562 --> 00:01:27.287 you don't know me anyway. 00:01:27.509 --> 00:01:28.834 But I know you, 00:01:28.844 --> 00:01:30.802 and your business very well. 00:01:30.890 --> 00:01:35.332 In fact, I'm getting to know you better all the time. 00:01:35.457 --> 00:01:38.832 Hackers, fraudsters, scammers, 00:01:38.842 --> 00:01:41.035 my kind is called a lot of names. 00:01:41.236 --> 00:01:44.379 You have your job and I have mine. 00:01:44.623 --> 00:01:50.151 Go ahead, go about your day and don't even give me a second thought, 00:01:50.162 --> 00:01:51.566 that's what I want. 00:01:51.982 --> 00:01:54.619 My enemy is cybersecurity. 00:01:55.007 --> 00:01:59.353 It used to be something only those IT types talked about but 00:01:59.364 --> 00:02:03.565 unfortunately for me, more areas are thinking about me, 00:02:03.576 --> 00:02:05.311 the damage I can do, 00:02:05.321 --> 00:02:06.624 and how to stop me. 00:02:06.774 --> 00:02:08.093 As a fraudster, 00:02:08.170 --> 00:02:13.755 I try to get into the weakest spot in your organization's technology defenses. 00:02:13.908 --> 00:02:16.990 It's sort of an arms race. And sure, 00:02:17.012 --> 00:02:22.229 things like individual passwords and limited access shared drives 00:02:22.240 --> 00:02:24.535 sidelined me for a while... 00:02:24.546 --> 00:02:26.803 but that's part of the challenge. 00:02:26.953 --> 00:02:31.272 Soon, I found other ways into your organizational systems. 00:02:31.485 --> 00:02:33.037 Back and forth, 00:02:33.048 --> 00:02:34.266 cat and mouse. 00:02:34.345 --> 00:02:36.820 Hmmm... it's not always easy for me. 00:02:36.859 --> 00:02:39.224 Oh, but don't worry about me, 00:02:39.869 --> 00:02:42.960 I'll be just fine. You see, 00:02:42.971 --> 00:02:47.320 as organizations get better at guarding against me on the business side, 00:02:47.743 --> 00:02:50.541 I can always target you 00:02:50.551 --> 00:02:52.416 and your fellow employees. 00:02:53.035 --> 00:02:58.888 Scammers like me have a lot of ways we can trick you into giving us access, 00:02:59.085 --> 00:03:01.334 and that's what it's all about, 00:03:01.345 --> 00:03:02.575 access. 00:03:02.741 --> 00:03:08.606 Access to your computers or letting us slide in while you're transferring funds. 00:03:08.735 --> 00:03:14.169 Or when you happen to leave personal information open for the taking. 00:03:14.272 --> 00:03:20.472 One of my favorite tricks is sending you an email requesting information 00:03:20.484 --> 00:03:23.975 or sending you an email link you can click on. 00:03:24.181 --> 00:03:26.960 When you do, my friends and I are in. 00:03:27.015 --> 00:03:32.156 The worst thing for me is when you follow your company's cybersecurity policies. 00:03:32.447 --> 00:03:33.391 Things like: 00:03:33.460 --> 00:03:38.109 Promptly reporting potential breaches or suspicious emails to management. 00:03:38.977 --> 00:03:42.898 Taking steps to verify requests to transfer funds 00:03:42.909 --> 00:03:46.589 or provide personal, identifiable information. 00:03:46.855 --> 00:03:51.105 And staying alert to potential fraudulent email requests. 00:03:51.349 --> 00:03:54.167 I'd prefer that you just assume 00:03:54.177 --> 00:03:57.668 everything you see is completely on the up and up. 00:03:57.778 --> 00:04:01.434 That your IT department has magically done 00:04:01.445 --> 00:04:03.297 everything to protect you 00:04:03.313 --> 00:04:05.219 and the organization... 00:04:13.773 --> 00:04:15.918 Man, you're like an assembly line today! 00:04:15.990 --> 00:04:18.824 It seems like we've been sending out wire transfers all day. 00:04:18.895 --> 00:04:20.699 How many closings has the boss had you handling today? 00:04:20.746 --> 00:04:23.777 - It feels like twice as much as usual. - Must be something in the water. 00:04:23.850 --> 00:04:26.090 I'd be twice as fast if I didn't have all this email. 00:04:26.152 --> 00:04:28.106 Yea. My inbox is flooded, too. 00:04:28.177 --> 00:04:30.402 Boom! Beat the buzzer! 00:04:30.506 --> 00:04:31.934 It's not three o'clock yet is it? 00:04:31.991 --> 00:04:33.366 No, it's five to... 00:04:33.377 --> 00:04:35.127 Oh, I forget we had that meeting with marking! 00:04:35.138 --> 00:04:37.330 Oh, oh, shoot, I wanna get that last wire transfer in 00:04:37.341 --> 00:04:38.580 before cut off! 00:04:39.043 --> 00:04:40.268 Say no more. 00:04:40.636 --> 00:04:42.313 - What's your login info? - No, no, no, it's okay, 00:04:42.340 --> 00:04:44.018 I gotta hustle, I got, I'll just do it later. 00:04:44.073 --> 00:04:46.313 Really, it's no big deal. I got you. 00:04:46.339 --> 00:04:49.924 Um... okay, all right, here's my access information, thanks. 00:05:03.383 --> 00:05:06.369 Oh, no. Oh, no no no. Oh, gosh. 00:05:06.442 --> 00:05:07.947 - What? What's up? - Oh 00:05:07.988 --> 00:05:10.885 I just got a message that we were hit by a DDoS attack. 00:05:11.957 --> 00:05:13.943 What? That means our internet's gonna be down for 00:05:13.974 --> 00:05:16.333 - who knows how long? - I, I don't have time for this, 00:05:16.349 --> 00:05:18.166 I'm still trying to reverse those transfers. 00:05:18.191 --> 00:05:19.025 Which ones? 00:05:19.097 --> 00:05:21.517 Somehow we had two bad transfers 00:05:21.528 --> 00:05:23.464 to the Ukraine at seven AM this morning? 00:05:23.989 --> 00:05:24.776 How bad? 00:05:24.832 --> 00:05:28.401 Uh, over a million dollars, $505,000 each! 00:05:28.458 --> 00:05:29.464 What?!? 00:05:30.183 --> 00:05:31.526 Oh, my gosh. 00:05:31.582 --> 00:05:32.933 Were you able to reverse them? 00:05:32.974 --> 00:05:34.960 Just one, but as I tried to notify the bank that the 00:05:34.971 --> 00:05:37.088 other one wasn't authorized... 00:05:37.099 --> 00:05:39.714 then the internet went down because of the DDoS attack. 00:05:40.708 --> 00:05:42.417 Man, 00:05:42.428 --> 00:05:43.964 I wonder how that happened? 00:05:45.051 --> 00:05:47.604 I wonder how that happened. 00:05:47.848 --> 00:05:49.136 Indeed. 00:05:50.004 --> 00:05:51.433 This stuff happens, 00:05:51.444 --> 00:05:54.308 not as much as I'd like but it happens. 00:05:54.630 --> 00:05:57.520 People get in a hurry, they skip processes, 00:05:57.531 --> 00:06:00.685 they share usernames and passwords 00:06:00.696 --> 00:06:02.245 and before they know it 00:06:02.255 --> 00:06:04.104 things get missed. 00:06:04.386 --> 00:06:07.589 That gives guys like me a golden opportunity. 00:06:07.739 --> 00:06:10.245 You might be curious to know what happened in this case. 00:06:10.326 --> 00:06:13.922 Well, the transfer was not stopped, 00:06:13.938 --> 00:06:15.266 the money was gone, 00:06:15.297 --> 00:06:16.130 poof. 00:06:17.094 --> 00:06:21.146 And when the company submitted a claim through its insurance company, 00:06:21.173 --> 00:06:24.858 the investigation revealed the bad habits of this group. 00:06:25.008 --> 00:06:28.280 This is the part that I really love. 00:06:28.330 --> 00:06:34.061 Employees opened a phishing email message that had links, 00:06:34.089 --> 00:06:35.454 and yes, 00:06:35.465 --> 00:06:39.189 they clicked on those links and yes, 00:06:39.207 --> 00:06:42.549 those links contained malware and viruses 00:06:42.576 --> 00:06:45.156 that were loaded into the machine. 00:06:45.249 --> 00:06:46.437 Wow, 00:06:47.406 --> 00:06:50.993 I feel like these guys were doing my work for me. 00:06:51.190 --> 00:06:54.946 Bad for the company. But BEAUTIFUL for me! 00:06:55.768 --> 00:06:57.993 Man, I sure messed up. 00:06:58.253 --> 00:07:01.618 I never thought something like this would happen... to me. 00:07:01.956 --> 00:07:04.680 I got so busy and distracted, 00:07:05.315 --> 00:07:08.258 I didn't think it was a big deal, skipping a few procedures, 00:07:08.268 --> 00:07:10.024 and that's what happened here for sure. 00:07:10.596 --> 00:07:12.946 Now, there are new checklists in place 00:07:12.964 --> 00:07:17.133 to help make sure something like this doesn't happen again, 00:07:17.224 --> 00:07:19.008 at least not as easily. 00:07:20.440 --> 00:07:23.883 When you don't follow your organizations processes, 00:07:24.356 --> 00:07:27.847 things can go really bad, 00:07:28.731 --> 00:07:30.222 really fast. 00:07:40.324 --> 00:07:42.324 Technology is amazing. 00:07:42.443 --> 00:07:48.055 It lets me and my colleagues do our work in some pretty amazing ways. 00:07:48.127 --> 00:07:52.711 Sometimes I get my way just by asking for what I want. 00:07:53.298 --> 00:07:54.664 Don't know what I mean by that? 00:07:54.729 --> 00:07:58.680 Well, I'm not sure I want you to see this next one, 00:07:58.707 --> 00:08:01.883 because it's one of my favorite ploys to use. 00:08:02.018 --> 00:08:03.727 Ah... why not? 00:08:10.196 --> 00:08:13.266 ... soon you'll be hearing more details about the latest acquisition 00:08:13.277 --> 00:08:15.325 which I am very excited about, 00:08:15.336 --> 00:08:18.992 because it's the center of our strategic yet aggressive growth plan. 00:08:19.111 --> 00:08:22.383 Again, more formal information will be released in the coming days. 00:08:22.424 --> 00:08:24.517 So to wrap up this quarterly update 00:08:24.528 --> 00:08:27.922 we talked about the importance of growth and the importance... 00:08:28.540 --> 00:08:31.041 Hmmm... talk about crazy timing... 00:08:31.176 --> 00:08:33.932 It's an email from Roy? Already? 00:08:34.114 --> 00:08:38.448 Hi Jenny, the following is confidential so please keep this between us for now. 00:08:38.582 --> 00:08:40.248 We have a time sensitive opportunity 00:08:40.259 --> 00:08:42.592 to make our latest acquisition successful. 00:08:42.696 --> 00:08:44.248 I need your help to make it happen. 00:08:44.295 --> 00:08:47.226 Valerie Vesper is an attorney working with us on the deal, 00:08:47.237 --> 00:08:49.693 she's coordinating the financials on this. 00:08:49.795 --> 00:08:54.051 I need you to work with her to send all our employee W2's to her this afternoon, 00:08:54.062 --> 00:08:55.662 she'll contact you shortly. 00:08:55.765 --> 00:09:00.084 This needs to stay between you, me, and Valerie for now. 00:09:02.000 --> 00:09:03.412 Hmmm... Okay... 00:09:05.625 --> 00:09:06.818 HR. This is Jenny. 00:09:06.881 --> 00:09:07.740 Jenny Mathers? 00:09:07.812 --> 00:09:08.474 Yes. 00:09:08.563 --> 00:09:10.068 Hi! Valerie Vesper here. 00:09:10.182 --> 00:09:13.287 You may have received an email about the confidential acquisition... 00:09:13.359 --> 00:09:15.115 Yes. I just saw that. 00:09:15.171 --> 00:09:17.451 Good. We have a competitive situation here. 00:09:17.462 --> 00:09:20.646 The faster we act, the better our chances of completing the acquisition. 00:09:20.702 --> 00:09:21.615 Understood. 00:09:21.749 --> 00:09:23.920 Great. We need the employee information - 00:09:23.931 --> 00:09:26.803 including all W2s to confirm payroll, etc. 00:09:26.813 --> 00:09:29.396 We need to email that within the next hour. 00:09:29.453 --> 00:09:31.240 Oh, wow! 00:09:31.343 --> 00:09:32.787 That isn't a problem is it, Jenny? 00:09:32.828 --> 00:09:33.849 Well... 00:09:34.249 --> 00:09:36.459 I'm sensing some hesitancy. 00:09:36.599 --> 00:09:38.787 This deal is riding on getting that data. 00:09:38.827 --> 00:09:42.006 Well... it's just we have to have two approvals on something like this. 00:09:42.063 --> 00:09:45.764 Of course. We need to work quick. If you give me their email addresses, 00:09:45.775 --> 00:09:49.030 I can do the rest and send them the information for final approval. 00:09:49.087 --> 00:09:50.165 Oh... 00:09:50.431 --> 00:09:51.546 sure. 00:09:51.627 --> 00:09:55.530 The first one is... Loretta.White@WorldView.com. 00:09:55.789 --> 00:09:57.234 Good. And the second? 00:09:57.369 --> 00:10:01.546 The second is... Edward.Hernandez@WorldView.com. 00:10:01.696 --> 00:10:04.749 Jenny, thank you. You've made this so much easier. 00:10:06.103 --> 00:10:08.218 I'll say you made things easier Jenny. 00:10:08.305 --> 00:10:09.999 Wow! Hah... 00:10:10.103 --> 00:10:14.452 Like I said, all we needed to do was combine some techno trickery 00:10:14.566 --> 00:10:18.187 with a sense of urgency and a request for help. 00:10:18.259 --> 00:10:21.937 As you might guess, Valerie got what she needed from Jenny. 00:10:22.113 --> 00:10:27.576 She got the names and email addresses of two high level approvers, 00:10:27.587 --> 00:10:30.649 somethings that isn't always easy to get. 00:10:31.253 --> 00:10:34.173 She sent the email and copied Jenny, 00:10:34.184 --> 00:10:38.386 she repeated the need for confidentiality, and before you know it 00:10:38.397 --> 00:10:43.021 the approvals were in place and the data was in our email boxes 00:10:43.032 --> 00:10:45.480 before anyone even knew what happened. 00:10:45.864 --> 00:10:50.113 It all started with some impressive email address cloning 00:10:50.124 --> 00:10:52.575 so that original note to Jenny... 00:10:52.586 --> 00:10:54.248 looked legit. 00:10:55.601 --> 00:10:57.601 Simply beautiful. 00:10:57.829 --> 00:11:01.292 I have to say it was a proud moment for me. 00:11:03.394 --> 00:11:04.100 I couldn't believe 00:11:04.111 --> 00:11:07.555 how quickly this person was able to get that information out of me. 00:11:07.704 --> 00:11:09.704 I'm trained to be suspicious, 00:11:09.731 --> 00:11:11.820 but it was all set up with that email, 00:11:11.892 --> 00:11:13.664 it looked so real. 00:11:14.393 --> 00:11:15.932 I should've known 00:11:15.943 --> 00:11:17.588 that anything this important 00:11:17.599 --> 00:11:21.635 shouldn't be something I can't discuss internally with anyone else. 00:11:34.816 --> 00:11:37.698 We live in the continuing information age, 00:11:37.709 --> 00:11:40.105 in fact, ah, wait a minute. 00:11:40.182 --> 00:11:41.620 That's way too formal, 00:11:41.645 --> 00:11:44.078 look, there's all kinds of information 00:11:44.089 --> 00:11:46.668 available to fraudsters like me on the web. 00:11:46.732 --> 00:11:49.141 And I'm not even talking about the dark web, 00:11:49.193 --> 00:11:54.050 I'm talking about let's just fire up one of our favorite search engines, 00:11:54.061 --> 00:11:55.812 type in a company name, 00:11:55.823 --> 00:11:57.375 we're off to the races. 00:11:57.447 --> 00:12:01.898 With publicly available information, we have enough to pull some strings 00:12:01.909 --> 00:12:05.207 along with some major dollars into our hands, 00:12:05.362 --> 00:12:08.410 we just have to drop a few names. 00:12:14.637 --> 00:12:17.008 Mr. Ryan, who did you say you're with? 00:12:17.145 --> 00:12:19.524 I'm an accounting rep with Premier Services. 00:12:19.561 --> 00:12:23.243 We manage your suppliers and procurement there at Right Time International. 00:12:23.627 --> 00:12:25.040 Oh yes. How are you? 00:12:25.168 --> 00:12:26.556 Fine, Elizabeth. Fine. 00:12:26.659 --> 00:12:30.477 Say, I wanted to let you know we've changed our banking arrangements. 00:12:30.549 --> 00:12:31.134 Oh? 00:12:31.221 --> 00:12:31.935 Yes. 00:12:32.059 --> 00:12:34.278 Our management must have decided we'll get a better deal 00:12:34.306 --> 00:12:36.810 if we switch to a new bank, so... 00:12:36.820 --> 00:12:37.873 here we go! 00:12:37.990 --> 00:12:39.622 I know how that goes. 00:12:39.680 --> 00:12:40.373 You bet... 00:12:40.435 --> 00:12:44.037 So... we need to change our retainer arrangement with your company 00:12:44.048 --> 00:12:47.227 and have your payments to us go to our new bank account. 00:12:47.345 --> 00:12:49.868 I can give you that information now if you have a moment. 00:12:49.987 --> 00:12:52.243 Okay. You've got the right person. 00:12:52.455 --> 00:12:56.858 But in order to protect both parties, we require a letter in writing 00:12:56.869 --> 00:13:00.232 on our company letterhead to request the change. 00:13:00.398 --> 00:13:03.091 Sure. Thanks for keeping this on the up and up! 00:13:03.345 --> 00:13:05.172 The thing is, 00:13:05.183 --> 00:13:07.579 we're really up against the wall on this one. 00:13:07.698 --> 00:13:10.969 This bank account change hit at a bad time for us. 00:13:11.025 --> 00:13:14.868 If I could email you the information from my company email address, 00:13:14.879 --> 00:13:16.063 could we do it that way? 00:13:16.166 --> 00:13:18.016 It would help us with our cash flow. 00:13:19.494 --> 00:13:22.751 That sounds fine to me. We can work with that. 00:13:23.448 --> 00:13:29.759 Amazing! Our side did a little bit of research, found the name of a vendor, 00:13:29.770 --> 00:13:31.924 posed as an accounting rep there. 00:13:32.060 --> 00:13:37.657 Called and gave just enough information to get the job done. 00:13:37.885 --> 00:13:42.563 All we had to do was send an email with the new account number. 00:13:42.807 --> 00:13:44.455 I hear you, I hear you, 00:13:44.466 --> 00:13:46.673 what about the email address, you're asking? 00:13:47.167 --> 00:13:51.908 This was ginormous and yet so simple. 00:13:52.324 --> 00:13:56.859 What we did was we posed as Premier Services, 00:13:57.005 --> 00:13:58.255 made the call, 00:13:58.266 --> 00:14:01.666 and when we were challenged with proving who we were, 00:14:01.677 --> 00:14:05.980 we asked for some latitude and offered proof by email. 00:14:06.349 --> 00:14:12.142 Then, when we sent the email, we just slightly changed the email address 00:14:12.153 --> 00:14:18.630 from PremierServices.com to PremierServicesLLC.com. 00:14:19.532 --> 00:14:25.161 Adding just three little letters to the email address from one of our guys 00:14:25.172 --> 00:14:29.255 let us add a whole lot of money to our bottom line. 00:14:29.421 --> 00:14:31.182 The real Premier Services? 00:14:31.226 --> 00:14:32.374 Well, 00:14:32.484 --> 00:14:34.370 let's just say they were a bit surprised 00:14:34.380 --> 00:14:37.774 when they didn't receive their normal payment on time, 00:14:37.785 --> 00:14:39.697 though they let Elizabeth know for sure. 00:14:39.841 --> 00:14:43.790 But by then, the money, and we, were gone! 00:14:44.346 --> 00:14:45.665 You know, 00:14:45.759 --> 00:14:48.118 I feel like I shouldn't be telling you this. 00:14:48.464 --> 00:14:49.572 Oh, well. 00:14:49.775 --> 00:14:52.009 You won't remember, will you? 00:14:52.378 --> 00:14:55.306 A big part of my job is customer service, 00:14:55.317 --> 00:14:56.931 that's what I was trying to do. 00:14:56.988 --> 00:15:00.072 To come through for a vendor who needed my help. 00:15:00.535 --> 00:15:04.429 I know our procedure and asked for a letterhead approval, 00:15:04.440 --> 00:15:06.440 but he was so convincing. 00:15:06.778 --> 00:15:10.259 I should have never accepted an email as a substitute. 00:15:10.409 --> 00:15:16.109 Next time, I'll follow up to confirm before I authorize any account change. 00:15:29.039 --> 00:15:32.781 One of the things that amazes me is the real power of email. 00:15:32.969 --> 00:15:35.704 Even though people know that guys like me are out there 00:15:35.715 --> 00:15:39.881 preying on their email boxes and sending fake messages, 00:15:39.896 --> 00:15:43.412 it's still surprising how often it happens. 00:15:44.010 --> 00:15:48.243 If you deal with money and making transfers, don't be surprised if I, 00:15:48.254 --> 00:15:51.303 or one of my friends ends up contacting you. 00:15:51.375 --> 00:15:54.740 Of course, you won't know it's one of us, 00:15:54.806 --> 00:15:58.426 you'll think it's one of your vendors or people you already know. 00:15:58.643 --> 00:16:00.520 At least that's what we hope. 00:16:01.076 --> 00:16:04.449 Here's a case where a company that deals in real estate escrow, 00:16:04.460 --> 00:16:06.707 you know, people buying and selling homes. 00:16:06.854 --> 00:16:08.245 And they need this company 00:16:08.256 --> 00:16:11.933 to hold the money for them until the deal is done, 00:16:11.943 --> 00:16:12.979 then it's released. 00:16:13.129 --> 00:16:16.237 This is one of those deals where fraudsters like me 00:16:16.248 --> 00:16:20.582 count on you getting lost in a high volume of transactions, 00:16:20.592 --> 00:16:24.582 and just going with what seems to make sense to you in the moment. 00:16:35.825 --> 00:16:37.825 Oh, an email from Ty. 00:16:38.678 --> 00:16:42.414 As always, thanks for your help for our last round of deals. 00:16:42.500 --> 00:16:44.336 Hey, I've got a favor to ask you. 00:16:44.423 --> 00:16:47.203 I'm trying to get out of town, we're heading over to Europe for a few weeks, 00:16:47.214 --> 00:16:50.727 I won't be around to handle our normal approvals. So,... 00:16:50.911 --> 00:16:55.303 I wondered if you could put together some wire transfers for me this week? 00:16:55.381 --> 00:16:57.414 All the information is included, 00:16:57.471 --> 00:17:00.716 altogether it comes up to 210,000. 00:17:00.986 --> 00:17:02.914 Again, thanks for dealing with this while I'm out, 00:17:02.930 --> 00:17:05.414 I'll circle back with you when I return to the country. 00:17:05.565 --> 00:17:06.805 Thanks! 00:17:09.033 --> 00:17:10.055 Steven? 00:17:10.324 --> 00:17:11.446 Rick again. 00:17:11.675 --> 00:17:13.164 Yeah, yeah, I'm good. 00:17:13.299 --> 00:17:16.649 Hey, I just got a note from Ty Jacobs, he's out for a while. 00:17:16.699 --> 00:17:18.747 I'm sending you three wire transfers 00:17:18.758 --> 00:17:21.055 he asked us to handle for him while he's away. 00:17:21.956 --> 00:17:22.821 Yeah. 00:17:23.118 --> 00:17:24.149 Yeah, okay. 00:17:24.965 --> 00:17:26.652 Today if possible. 00:17:27.240 --> 00:17:28.887 Oh, perfect. 00:17:29.771 --> 00:17:31.668 Great, thanks for your help! 00:17:36.145 --> 00:17:38.277 And thank YOU! 00:17:38.558 --> 00:17:40.137 This was another easy one. 00:17:40.311 --> 00:17:43.013 Granted we did some nice basic hacking 00:17:43.039 --> 00:17:46.916 to make our email look like the one would normally have come through. 00:17:47.036 --> 00:17:48.401 But, really? 00:17:48.510 --> 00:17:49.588 Look, 00:17:49.958 --> 00:17:53.604 I'm a guy who takes pride in his work, just like anyone else. 00:17:53.749 --> 00:17:57.619 I get a sense of accomplishment when I'm challenged a little bit. 00:17:57.805 --> 00:18:00.887 When I overcome some obstacles in the pursuit of my work. 00:18:01.021 --> 00:18:04.485 Here? Ha, that was way too easy. 00:18:05.828 --> 00:18:08.176 The email looked like any other that we get from Ty, 00:18:08.187 --> 00:18:09.547 he's always making changes. 00:18:09.629 --> 00:18:12.375 Ty's a high-volume guy for us, do you know what I mean? 00:18:13.134 --> 00:18:16.320 But, I should have noticed those red flags that went off 00:18:16.331 --> 00:18:18.766 when he said he wouldn't be available to answer questions. 00:18:19.873 --> 00:18:23.857 I don't know why I didn't confirm with a follow up phone call right away. 00:18:38.177 --> 00:18:43.042 So... I work best when people don't pay attention 00:18:43.074 --> 00:18:44.965 or ignore procedures... 00:18:44.996 --> 00:18:46.793 it gives me the upper hand. 00:18:46.965 --> 00:18:49.746 Once that happens... game over. 00:18:50.162 --> 00:18:54.617 But, I really struggle when I encounter people who STOP, 00:18:54.628 --> 00:18:57.097 THINK and ASK. 00:18:57.437 --> 00:19:00.088 They see something that doesn't seem quite right and 00:19:00.099 --> 00:19:03.274 stop long enough to think through what is happening 00:19:03.285 --> 00:19:06.999 and then begin asking questions. 00:19:07.415 --> 00:19:11.632 These are folks that spoil my plans because they have a sense of empowerment... 00:19:11.643 --> 00:19:16.404 a sense that procedures and processes are in place for a reason. 00:19:17.232 --> 00:19:18.446 As I said, 00:19:18.456 --> 00:19:19.997 the worst thing for me 00:19:20.008 --> 00:19:23.747 is when you follow your company's cybersecurity policies. 00:19:24.082 --> 00:19:24.950 Things like: 00:19:25.007 --> 00:19:29.772 Promptly reporting potential breaches or suspicious emails to management. 00:19:30.032 --> 00:19:34.124 Taking steps to verify requests to transfer funds or 00:19:34.135 --> 00:19:38.328 provide PII (personal identifiable information). 00:19:38.665 --> 00:19:43.500 And staying alert to potential fraudulent email requests. 00:19:43.759 --> 00:19:46.578 Look, don't assume I'll go away. 00:19:46.761 --> 00:19:50.257 I'm always looking for new ways to get access... 00:19:50.332 --> 00:19:51.726 it's my job. 00:19:51.997 --> 00:19:55.944 So, if you really want to beat me at my game... 00:19:56.172 --> 00:19:59.304 STOP, THINK & ASK. 00:20:00.783 --> 00:20:03.656 That will quickly ruin my day.