Jes Staley, Barclays CEO, walked straight into the trap of a prankster who was posing as the chairman of Barclays, John McFarlane.
The prankster lured Mr Staley into conversation regarding the Barclays annual general meeting, which had been held the evening before the fake email was sent. The Barclays CEO clearly had no concerns regarding the identity of the sender, as he engaged in open conversation.
In the conversation, Mr Staley expressed his gratitude to the prankster impersonating the Barclays chairman for his continued support amid the tough times. The prankster added “You owe me a large Scotch,” as reported by The Telegraph.
At the end of the conversation, the prankster included an acrostic-style poem, with the first letter of each line spelling out ‘Whistleblower’.
This mistake will weigh heavily upon the Barclays CEO, who is already under investigation for attempting to find out the identity of a whistleblower. City regulators are conducting the investigation into this previous misdemeanour, as Mr Staley breached the bank’s rules.
This example of a top executive of a major organisation being caught out in such a simple manner raises alarm, given the extremely dangerous nature of the cyber threat landscape. The blunder shows a huge lack of awareness, which could have cost the company dearly had the prankster had more malicious intentions.
Rick McElroy, security strategist, Carbon Black: “Attackers are moving from just sending links to hatching new ways to deceive. We know, for example, that both malware and non-malware attacks can be utilised by cybercriminals through email. There are also instances where cybercriminals are prepared to do their research in order to conduct targeted attacks, such as setting sights on a travelling CEO. Targeted attacks can be extremely effective and, from the cybercriminal’s point of view, neatly complement mass-scale attacks.”