Barnaby Joyce has become the latest high-profile figure to be targeted by opportunistic hackers, after his Facebook account was compromised.
The former deputy prime minister shared a post to his official Facebook page on Sunday, informing followers that fraudulent messages had been sent from his account.
“I got $50,000 delivered to me when I apply for the grant and you don’t have to pay it back, you can also apply too,” read one of the messages.
Joyce subsequently apologised to followers for any confusion and urged them not to fall for the scam.
“Sorry guys, I’ve been hacked so if you get a message like this from me please ignore and report it to Facebook,” he wrote, alongside screenshots of a message exchange.
While the poor grammar may seem like an obvious red flag, cyber specialist and Emergence MD Troy Filipcevic said people are still falling victim to very basic scams such as these.
“If people weren’t falling victim to it, they’d stop, and they’d find something else to do – but this is quite lucrative and it’s all around human error,” he said.
Speaking to Insurance Business, Filipcevic also warned that senior-level business leaders and CEOs are increasingly being targeted in similar-style attacks – which means organisations are also at risk.
“From a business context, this is a big risk,” he said. “Just like Facebook, everyone’s got a LinkedIn profile which talks about what they’ve done, where they’ve gone and how great they’ve been – that’s all good material for hackers to scour and build a profile of the individual that they can then use to crack into the business.”
Using information found online, cyber criminals can easily determine where a CEO works, who their colleagues are, and even what clients their company regularly works with.
They can then craft an email pretending to be the CEO, asking others within the organisation to pay a bill or provide access to a protected area of the business.
“Social engineering has become prevalent because if someone gets an email from the CEO asking them to pay this bill urgently, they don’t always question it, they just pay it,” said Filipcevic.
“With Barnaby, this is happening from a personal perspective – they’ve cracked his account and then sent an email to all of his followers or friends – but the same can happen from a LinkedIn perspective because all of that information is at the click of a button, it’s all public.”
Interestingly, Filipcevic said brokers could use this example as a way of communicating the importance of cyber insurance to clients in the SME sector who are so far unconvinced.
“It’s not about insuring the hardware anymore – businesses should be buying cyber insurance to protect the business against mistakes its employees make,” he said.
“Everyone makes mistakes and it just takes one person to click on something and either a virus comes into the system or someone pays an invoice they shouldn’t have.”
Filipcevic said those without cyber insurance are betting on the improbability that all of their employees will be on top of their game, at all times.
“Businesses are at the whim of every employee being on their game and being 100% focused on the job at all times so when a questionable email comes in, it’s picked up straight away – but that doesn’t always happen,” he said.