EDITOR ’ S question n today ’ s digital age , fraudsters have
I never been so ruthless with their tactics , and they ’ re increasingly using ones that are far more personal and harder to spot . For prominent individuals who are a high target for lucrative information – whether part of the C-Suite or in the public eye – the stakes have never been higher . Catphishing has typically been associated with online dating profiles but we are increasingly seeing fake profiles on LinkedIn to trick business professionals into handing over sensitive data , as well as the rise of convincing scams through AI-generated deepfakes , which can create synthetic humans wholesale .
No one is above common sense . Vigilance is something that needs to be exercised by everyone to avoid falling victim to catphishing . The best course of action is to think before you click . People must learn to scrutinise every email they receive , even if they think it ’ s from a trusted individual . This means hovering over links before clicking and refraining from inputting information into forms without being totally sure that this doesn ’ t mean handing over the keys to your digital identity in the process . Always steer on the side of caution – if something is suspicious , it probably is .
However , individuals shouldn ’ t shoulder this burden by themselves – they need the support and protection of their organisation . This means being educated and supported to recognise subtle signs of an attack and to spot suspicious and ‘ out of the ordinary ’ requests , whether that ’ s on email , phone or via social media platforms . This counts
For prominent individuals who are a high target for lucrative information – whether part of the C-Suite or in the public eye – the stakes have never been higher .
for employees at all levels , from a new intern right up to the CEO . It also means employing various appropriate safeguards , such as offerings that check the validity ( or known maliciousness ) of embedded links . These approaches can help protect employees at all levels . After all , a company ’ s security posture is only ever as strong as its weakest link . Hackers often look to gain entry by targeting different user access points , so the protection of every employee – every potential conduit – is essential .
Moving forward , businesses should also consider using stronger forms of digital identity security to keep threats at bay . For instance , verifiable credentials , a form of identity that is cryptographically signed proof that someone is who they say they are , could be used to ‘ prove ’ someone ’ s identity rather than relying on sight and sound . If a deepfake scam or phishing attack is suspected , proof could then be provided to ensure that the person in question is actually who they claim to be .
MIKE KISER , DIRECTOR OF STRATEGY AND STANDARDS , SAILPOINT
WWW . INTELLIGENTCISO . COM 29