Phishing Attack Awareness and Training with Josh Bartolomie
Podcast episode, 44 minutes, 1 year ago
Criminals do their own recon to study how vendors craft their
emails and how they can structure them to match. Scammers know
employees are busy and that they want to act promptly on
requests, but they also understand it takes time to verify the
validity of the email. How do we train employees to know what is
real and what isn’t?
Today’s guest is Josh Bartolomie. After joining Cofense in 2018
as the Director of Research and Development, Josh currently
serves as the Vice President of Global Threat Services. He has
over 25 years of IT and cybersecurity experience. He designed,
built, and managed security operations centers, incident response
teams, security architecture, and compliance for global
organizations.
Show Notes:
[1:08] - Josh shares his background and what he does in his
current role at Cofense.
[4:06] - After all these years, email continues to be an easy
way for scammers to target many people at one time and victimize
a percentage of them.
[5:52] - Wherever there are a lot of people, that is where
attackers will go because that is a bigger pool of success for
them.
[7:08] - You used to be able to block emails with an
unsubscribe button, but now we rely on those emails, too.
[9:50] - The goal is not to stop them altogether, because at
this point it isn’t possible. The goal is to dissuade people from
clicking links and trusting emails.
[11:47] - With AI and LM, crafting emails has never been
easier for scammers.
[13:48] - Organizations get hit in different ways, but HR
generally gets targeted a lot.
[16:54] - Intellectual property theft is also a part of email
crafting.
[20:14] - Chris shares the story of an unfortunate
experience.
[25:10] - Acknowledge that these things do happen and they
can happen to you.
[27:33] - Always call the vendor. It’s an extra layer and
extra work, but never trust an email that says something has
changed when it comes to finances.
[28:54] - Organizations should have a strong reporting
culture.
[30:55] - Employees can report emails that seem suspicious.
The majority of them are spam emails, rather than scams, but they
should be reported.
[34:02] - What constitutes a spam email? What is the
difference?
[36:13] - Organizations tend to cut IT and cybersecurity when
there are budget cuts.
[39:18] - This is changing every single day.
[41:46] - Scammers collect data and create profiles. They are
very sophisticated in their strategies to target organizations.
Thanks for joining us on Easy Prey. Be sure to subscribe to
our podcast on iTunes and leave a nice review.
Links and Resources:
Podcast Web Page
Facebook Page
whatismyipaddress.com
Easy Prey on Instagram
Easy Prey on Twitter
Easy Prey on LinkedIn
Easy Prey on YouTube
Easy Prey on Pinterest
Cofense Website
Josh Bartolomie on LinkedIn