Enter the scammers as executives ignore their inner cynics on social media

Your support helps us to tell the story

Support Now

Find out moreClose

As your White House correspondent, I ask the tough questions and seek the answers that matter.

Your support enables me to be in the room, pressing for transparency and accountability. Without your contributions, we wouldn't have the resources to challenge those in power.

Your donation makes it possible for us to keep doing this important work, keeping you informed every step of the way to the November election

Andrew Feinberg

White House Correspondent

The chief executive was a cricket lover – one of those people who go into rhapsodies when talking about Alastair Cook’s latest century, dissecting his technique and eulogising about the perfectly timed cover drive that sailed to the boundary.

So of course he opened the email and downloaded the details when a business associate sent him an invitation to the Test match at the Oval.

Except it wasn’t from the associate. It was a carefully targeted phishing scam. And one that worked spectacularly well.

Hackers had discovered his interest in cricket from his Facebook page – an open one with almost no privacy blocks on it. They’d got the name of the associate from his friends list, also open. Their program lurked in the company’s system for 90 days.

I picked up the above story from Digitalis, an online reputation-management company. It has been doctored slightly to protect the confidentiality of those involved, but the events described happen more regularly than you might think.

To get an idea of how common it is, Digitalis commissioned a YouGov poll – which found that a startling 49 per cent of business leaders never adjust their privacy settings to restrict who can see their profiles on sites like Facebook.

Even if they do, that might not be true for close colleagues, or even personal assistants. Or, perhaps, LinkedIn. Even if you keep Facebook to pre-screened friends, you might be more inclined to make LinkedIn publicly available because it can be to your advantage to do so, because it says “hey, this is me, I’m great – hire me”.

Corporate espionage operatives used to deploy similar techniques to those employed by national spy agencies (which is where many of the people employed in these activities came from). They conducted painstaking research on their targets over many weeks, before striking. These days, they can get the same results via the click of a mouse.

Companies spend millions on software engineers and companies to maintain their firewalls and keep their security software up to date – at least most do.

We have become accustomed to seeing the mega-hack perpetrated by gangs of criminal geeks using hi-tech kit to batter down companies’ defences. Cyber-punk whizz kids armed with electronic battering rams have taken down the likes of Target, Sony and – in this country, infamously – TalkTalk.

The reality is that hacking can be a lot simpler than is commonly realised, and a lot sneakier. The vast majority of attacks go unreported, and no wonder. If a hacker has snuck in through the adroit use of the information on someone’s Facebook page, it could prove very embarrassing to the company and the executive concerned.

Small wonder, then, that this subject isn’t being talked about much.

The internet has introduced a whole range of new services, and ways of communicating. It is only 20 years old. Twitter has just celebrated its 10th anniversary. Facebook isn’t much older. Yet the impact it has had on business has been vast. It has changed the world.

It hasn’t changed people.

Most of us are basically trusting. Even apparently sophisticated executives are urged on to Facebook by their kids or their colleagues. Those who then use it to look at people doing daft things are lulled into thinking that it’s basically harmless maintaining public profiles and public friends lists that provide a wealth of information which it might otherwise be challenging to access.

It’s all too easy for people to forget their inner cynic, no matter how sophisticated they might be. Just read some of things all those clever, sophisticated, crooked bankers involved in Libor and foreign exchange fixing put up in public chat rooms. Or sent in emails.

Idiots? Or just lulled into a false sense of security by modern technology?

So how to combat a growing scourge? Ban chief executives from social media? Many teachers have already left Facebook and Twitter. Ditto those working, for example, for the prison service.

The trouble is, that would be stripping business people of an invaluable tool for communicating with clients, or with potential clients, or with customers. The value of social media to commerce is incalculable.

Even if you can cure the executive team of their Facebook addictions, the necessary clues might still be out there. Got the name of the top dog’s PA? What nuggets might be gleaned from their Facebook musings? Are they fed up with being pestered to book those cricket tickets? Are they cock-a-hoop at being handed the boss’s tickets to a show?

Digitalis has dubbed this “digital espionage”. Perhaps a latter day retelling of Smiley’s People could be dubbed Smiley’s Pixels?

Except it’s no laughing matter.

Digitalis thinks people need to talk about this issue more, and it’s easy to see why. It isn’t just executives and senior business people who need to do this – it’s their PAs or any other members of staff in key positions.

Social media is free to use – but there is a cost. That cost can be huge if business people, usually so aware of potential issues in other parts of their businesses, fail to wise up to it.