You are reading a single comment by @hurricane_run and its replies.
Particularly when an organisation does not encourage phoning the boss.
More sophisticated threat actors will play on this - they run contact centres to provide a boss on the phone on demand.
Blaming the victim for being stupid is rooted in a "Nigerian General" view of the threat landscape - it's moved on.
Total costs for ransomware run at around half that of BEC* - but nobody admits to that if they’re not legally obliged to/it goes to court somehow/someone leaks it.
Ransomware is also a fantastic way of covering your tracks with the added bonus of maybe making some money.
//* Business Email Compromise, where the attacker poses as someone trusted by the victim/s and gets them to (typically) transfer funds to an account under the attacker's control.