A new hacking tool can alert cyber criminals where an email recipient is opening an email, meaning criminals can take advantage of a traveling executive and launch a hacking campaign like a phishing attack on the company, reports Harvard Business Review.
This tool, called spymail, reveals to cyber criminals the location of an email recipient, when they read their email and potentially where they are staying. If a scammer can infer an executive is out of the office or traveling for work, the scammer could draft a plausible phishing email impersonating the executive to send to colleagues in the office, asking, for example, to send financial documents or other sensitive information saying he or she forgot to bring them.
“Information captured by spymail can help hackers send believable emails — with the correct sender, recipient, context and time-stamp — to an executive’s HR department or payroll vendor, asking for confidential records at a time when they know the executive wont’ be around to detect it,” reports HBR.
The article offers three ways to avoid such a hack. First, employee education and awareness is key, as they can’t guard against such cyberattacks if they don’t know these schemes happen. Second, the article suggests creating an email protocol for traveling executives, such as a defined series of steps to take if an executive must request money while traveling. Finally, the article suggests adding spymail protections to typical spam filters and firewalls.
“By training employees, putting appropriate travel policies in place and adopting the latest security software, companies can reduce the risk of falling victim to one of these attacks,” according to the report.