We focus on cyberattacks on government agencies, high tech companies, and other large companies but think, it will never happen to me. What do I have to offer these attackers? However, organizations and individuals around the world are increasingly finding themselves with lost data, stolen money, and or disruption to their computers.
Unfortunately cybercrimes have become such a part of our daily lives, that many people personally know someone who has been attacked. We chat with Nigel Postings who shares a recent attack and how you should prepare.
Video Transcription
Harry Brelsford
Hey nation nation we are with Nigel Postings. Did I get it right? It's plural Postings.
Nigel Postings
It is yes. Yes. The American sometimes miss the S, but yes, definitely a plural.
Harry Brelsford
Well, I'm part of my challenges we work together over a decade ago. So it's it's been a while we've seen each other once or twice, but it's been a while now. But yeah, we were all there back in the day. Well, here's the deal Nigel that I want to talk about is, a few weeks ago, I got an email from you, which is always welcome. But there was something suspicious, it was something about an RFP or an opportunity. And, you know, I hadn't been in close touch with you. So I called Yeah. And I said, you know, Hey, man, did you send this and you're like, and it was one of the more sophisticated phishing attacks I've seen in my career, it looked real. You know, I'll hand it over to you. So what's, what's the story? The story goes back before my call, apparently,
Nigel Postings
yeah. So the story is go back to the 29th of July, a day before my bicycle and to the to the UK for six weeks working from the UK that day, certificant, you'll understand a few minutes. And then the last but one day I'd receive the same email that you got from someone who I knew not as well as I know you, but someone I knew. I'd actually spoken to who lived in the Seattle area and saying an RFP Would you like to respond? So my ears picked up an RFP, great opportunity to do business. So email this person back. And the response came. And this is new to when I went when I spoke to you last, the response came back to Yeah, this is true. It's a secure, it's with a secure site. And there's some documentation I need to show you could you please log in, as it's, you know, tightly control. Okay. Still a little bit suspicious. I phoned up this person. And this person would believe he was the person but at the time, didn't know he had been hacked. said yeah, yeah, we'll want to work on RFP for you so didn't quite understand and responded Yes. So I validated through email and validate speak to the person for great then I do the wrong thing completely Hands up. I go in login with my besides email, and that was it. I thought nothing of it. And the reason the 29th of July is interesting, because I did this on my home PC, which was then switched off for six weeks, not used at all. Fast forward. All right, back in September, parent YPC for the first time, then came back on Tuesday then the following Tuesday, actually a call just before yours from my son My son's working with another Mike's Aparna said, Hey, Dad, you've sent me You sent our company an RFP, what do you not send it to me? I said No, I haven't sent you said Come check your Sent Items. So I go to my my outlook and I look go my Sent Items in there, it was an email that I'd sent but worse, I could see lots of or sent emails going out quickly, quickly. So I realized I fallen foul of this. So what this spam or whatever you want to call it did was it, I'll see had my credentials, it must have put some kind of script on my home PC. And then once emails went out it put them into the Sent Items and then quickly into the deleted items. So trying to help trying to hide the trail. So Bonaparte support the team and immediately reset my password. And then it seemed to stop. Okay, great fuel, start to send out emails and I noticed like you had a lot of phone calls a lot of things on LinkedIn. Hey, Nigel, great to hear from you. But this is surreal. So very suspicious. But then about one o'clock it kicked in again. And for our No, you know, so the only way out of this was to completely rebuild my machine. And so that's how I did that. So I was that's my my couple of concerns of one Why did it wait six, seven weeks from now I got this original RFP, I think I I solved that issue, please. So as in I suddenly realized that my PC was off and the script kicked in is on my own piece only one other thing it did at the time, it set up a rule when not on my client but on my web access to Outlook to exchange office 365 so I looked at all my clients he wasn't there so I only found it that way. So I felt pretty duped and disappointed. I you know, I felt you know, I felt a little too What I'd like to do in terms of security. I have ever gone there Norton Antivirus, double double ban. But what it did, I followed up with the person and I kept it with this post on LinkedIn about a year ago from Seattle who's a CEO of a company small company turned out He was hacked. But he was hacked for longer. And so the second email that went out he didn't even know about that said yes, they've obviously, not only did they send emails, delete them, they sent a follow up email. So yeah, this is correct. We do need to log in, this is a secure opportunity. So it took him time to get rid of everything. But that's the lesson. You know, never give your credentials. Even if you speak to somebody you think, you know. The only thing guide, I don't know for sure. When I found out was it really him? I'm assuming he wasn't he was obviously very, very busy. He just thought Yes, there was an RFP out there. Yeah, that's the tale.
Harry Brelsford
Man. That is that's, you win the prize for the best Tale of 2021. I mean, and I was part of that. But that's why I wanted to do a little podcast Well, hey, before we go, tell the audience. What do you do at Microsoft, maybe to quickly take us back to yesteryear when we work together? And then fast forward us? What do you do today?
Nigel Postings
Your thoughts? Going back 11 years ago, look myself? I was in the channel team, where my partners were announced, and what's his organization as was then and we did lots of things for partners. Right, you know, building tools for SMB building to demo showcase, building, helping the tele sales team at the right conversation with partners. So say let's myself did stints at KPMG. And now besides. And besides we are we just finished two projects for a lab, a large cloud provider and the large OEM, where we're literally scoring hundreds of 1000s of partners across their inbound signals, what the customers want outbound signals, what are they promoting their growth through traffic, where they're located their web performance and so really we can help our clients segment their audience into who's hot, who's not be sure to get engaged with etc.
Harry Brelsford
Yes, sir. All right, well, I hope the next time we meet it's under more pleasant circumstances. And as I told you in our personal call, but you know, after 32 years in Seattle, I've had the great pleasure to relocate just outside Austin and the hill country so you know, put put us up put us on your list when you feel comfortable traveling. Come on down to Austin. Let's get together.
Nigel Postings
Yeah, definitely. This is a price by the way, but yes, it's very, very sad. All right. All right.