pevey | 2 years ago

I work a lot with startups/small companies, but not necessarily tech-savvy ones. They have a hard time understanding at first why they are so targeted with phishing attempts. Oftentimes, leadership comes from big roles at larger companies, and they are anchored in their previous experience at big company. They don't understand why anyone would bother targeting little co.

I try my best to explain why little co is actually a far more ideal target. They are hiring quickly, and unlike at a big company, it is likely that even junior new employees might expect to have some interaction with the CEO. An email supposedly from the CEO at big company would be obvious spam for most employees, but not at a startup. And the information exists to make these targeted emails believable, and IT ALL COMES FROM LINKEDIN.

As soon as a new hire updated their employer to little co on LinkedIn, they would be targeted relentlessly.

leetcrew | 2 years ago

ignorant question perhaps, but what makes the CEO of a small company so much juicier a target than a senior manager or director at a large one? both could have access to sensitive info, ability to spend a lot of money before it's noticed, etc.

pevey | 2 years ago

At any given level, people in startups tend to have more actual power/authority, with fewer or no processes or procedures already in place to slow them down. This is part of why startups are effective at building/changing things, but it's also a social engineer's dream.