While Ocean’s 8 is a recent, funny, action packed, movie premiering in 2018, it showcased the importance of cybersecurity awareness within pop culture today. The plot surrounds the largest jewel heist of the century and highlights Ocean’s mastermind hacker cracking through a few accounts to access a few private systems. This quick and short movement showed audiences just how easy it is to have your information compromised. In the movie, the need to gain access to a high-profile venue’s camera control center. While most would think this is impossible, the movie demonstrates that this was possible with a quick phish. Doing simple research on the CEO of the security company that runs operations for The Met, the hacker was able to learn everything she needed through social media and google. The hacker then used that information to send a phishing advertisement targeted to the interest of the CEO.
When the CEO sees the advert, he simply clicks on the link and is redirected to a page full of dog photos. This serves two purposes, the link was coded to allow the hacker to gain access to the remote endpoint and security cameras and the photos distracted the CEO long enough for the hacker to download files necessary to build the blind spot, and thus help steal 105 million dollars’ worth of jewels.
Phishing attacks are designed for you, with you in mind. With the right kind of information, any email scam can look legit. Without the proper training on how to identify a phishing email from a regular email, especially if the email contains information that interests you, it’s only a matter of time before you fall victim.
In hindsight, whatever anti-virus the Met was running, wasn’t enough to face an “advanced attack” especially when the link didn’t come through an email filter system with a file that screamed “VIRUS”. It’s important to highlight that without the proper security systems in place, a hack of your systems could be managed just as fast as it did in the movie.
It’s also important to recognize that these same phishing attacks cost this CEO 105 million dollars. We need to remember our best practices when dealing with phishing emails and make sure to use them daily.