One of the targets didn't properly verify the very strange request. Sent emails to target(s) impersonating the person. Email address format acquired via web search. Name of target(s) in the Accounting department found via LinkedIn or other means. Name of person to impersonate found via LinkedIn or other means. Or used a similar looking domain name (slight misspellings or IDN Homoglyph Attack). No SPF records on financial company domain, or SPF verification turned off at the MX host. Sweeping it under the rug and ignoring that it ever happened seems to be the de facto standard. There's financial penalties, reporting, auditing, etc. Nobody in the business wants to report it because it'd trigger some kind of investigation, and then they'd need to communicate to all their patients that their data may have been stolen, etc. Even after the MSP comes in and secures the device, it's up to the business to report the breach - the MSP can't. Scammers get access to the server (usually with LogMeIn or TeamViewer) and go to town. Obviously it's scammers, but they fall for it because they're not IT professionals. I've spoken to many people in the MSP side of IT who have doctors as clients, and there have been several of them who have said that their network hasn't been the same since "Microsoft called and needed access to our server". There's no legal mechanism requiring people to report that they had a breach. It's a voluntary self-reporting sort of thing that only has consequences for the business. Screw 'em all, regulate them into a corner, and jail the repeat offenders. These small companies, to a man, think that they're special, and that laws are those things that other companies have to deal with, but we're nice guys so we don't need to worry about that. Then I didn't qualify for unemployment benefits. Because of my experience I no longer feel bad about strong government oversight. I was recalled back to the office and fired on the spot.
I told the boss it wasn't legal for me to do what he was asking, and suggested some alternatives. Then not a week later, we were put in a situation where the boss asked us to do something that was expressly illegal (using comp time to evade overtime pay). It seemed manageable and we were working towards a mutual understanding that would put us in compliance with the law and get everyone paid fairly. We were having some wage-hour issues at the company because the boss wasn't used to doing things "legit" as the business grew. I was eventually fired from that company under similar circumstances that made me lose much faith in American institutions.