Twitter:
I have a work twitter account to tweet my clients about system outages, changes in rates, offers etc.
It's in my name but I don't actually operate it, it's done by a marketing company and media people in the bank and I don't have the password. All of the other account managers have one as well.
Call from a client today (yes a Sunday - this client wouldn't ring unless important so I picked up), thanking me for the link to Big Bertha's Bouncing Delights, but she didn't think it was appropriate to share to business customers. (She of course knew it wasn't me and was humorously alerting me to the hack.)
Client Email:
This one happened earlier this month and the payload analysis came out on Friday. The details have come out from an email from out IT Risk department and have been dumbed down...
A colleague's (who I know) client sent a pack of data in response to a loan request. We were working on the new loan with them and expected the data.
The thing is we had already received a huge tranche from them as expected in an encrypted file.
A new batch of data came through, this time different encryption and the password sent with it which raised an eyebrow or two and the email was annotated with "just a little more info regards Joshua".
Joshua (not his real name) is know as Josh to his staff and to us and signs his emails as such. Josh always sends the password separately - not on email.
The attachment was not opened but sent to our "Phishing" team.
It turns out the client was targeted because they banked with us and the package was looking for one of our applications to specifically target to withdraw funds.
Apparently firms are being targeted not to get to them but their customers, suppliers and bankers.
|
|
If you post the link to Big Bertha's Bouncing Delights I'll investigate.
|
|
In the spirit of transparency and impartiality I should corroborate Kevin's findings. :)
|
|
That's all well and good, but what if you disagree? I suppose, if it will help, I could offer the casting vote.
|
|
I believe the site was designed to ensure that you caught something nasty! ;-)
|
Not sure I would be happy with any social media account in my name that I did not have any control over.
Why do your employers not set up a generic name specific to your type of work?
|
>> Not sure I would be happy with any social media account in my name that
>> I did not have any control over.
>> Why do your employers not set up a generic name specific to your type of
>> work?
I entirely agree with that. I'd not have anybody posting anything in my name anywhere. I have enough trouble with the stuff that I actually *do* write.
|
>> Not sure I would be happy with any social media account in my name that
>> I did not have any control over.
There was a bit of uproar at the time. The accounts are set to private so only invited users can see them.
They did the same with Linkedin and there was real uproar as people already had accounts set up, to specifically look for jobs and actually asked for user names and passwords so that they could take over existing accounts but were firmly told where to go.
|
|
This is the same crowd that told you that you couldn't look at public social media posts by prospective job candidates?
|
>> This is the same crowd that told you that you couldn't look at public social
>> media posts by prospective job candidates?
>>
Yes!
One is HR one is Marketing!
|
So do the invited users know that it is a bot and not you who is tweeting?
Does that not negate the “personal relationship” ?
|
Two Hacks at work / Twitter and Client Email - Kevin
