Criminals do their own recon to study how vendors craft their emails and how they can structure them to match. Scammers know employees are busy and that they want to act promptly on requests, but they also understand it takes time to verify the validity of the email. How do we train employees to know what is real and what isn’t?

Today’s guest is Josh Bartolomie. After joining Cofense in 2018 as the Director of Research and Development, Josh currently serves as the Vice President of Global Threat Services. He has over 25 years of IT and cybersecurity experience. He designed, built, and managed security operations centers, incident response teams, security architecture, and compliance for global organizations.

• [1:08] - Josh shares his background and what he does in his current role at Cofense.
• [4:06] - After all these years, email continues to be an easy way for scammers to target many people at one time and victimize a percentage of them.
• [5:52] - Wherever there are a lot of people, that is where attackers will go because that is a bigger pool of success for them.
• [7:08] - You used to be able to block emails with an unsubscribe button, but now we rely on those emails, too.
• [9:50] - The goal is not to stop them altogether, because at this point it isn’t possible. The goal is to dissuade people from clicking links and trusting emails.
• [11:47] - With AI and LM, crafting emails has never been easier for scammers.
• [13:48] - Organizations get hit in different ways, but HR generally gets targeted a lot.
• [16:54] - Intellectual property theft is also a part of email crafting.
• [20:14] - Chris shares the story of an unfortunate experience.
• [25:10] - Acknowledge that these things do happen and they can happen to you.
• [27:33] - Always call the vendor. It’s an extra layer and extra work, but never trust an email that says something has changed when it comes to finances.
• [28:54] - Organizations should have a strong reporting culture.
• [30:55] - Employees can report emails that seem suspicious. The majority of them are spam emails, rather than scams, but they should be reported.
• [34:02] - What constitutes a spam email? What is the difference?
• [36:13] - Organizations tend to cut IT and cybersecurity when there are budget cuts.
• [39:18] - This is changing every single day.
• [41:46] - Scammers collect data and create profiles. They are very sophisticated in their strategies to target organizations.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Cofense Website
• John Bartolomie on LinkedIn