This week a friend shared a story about her college-aged daughter Jane and her recent experience in finding a job. She is in graphic design and has a portfolio, so when she came across a well-known company that creates sports-branded gear that was hiring, it was something she wanted to pursue. She sent them her portfolio electronically, and they set up an interview using a chat forum. They asked a few questions and then asked her to fill out forms that were going to put her in the queue to receive work from them. She completed each one and recommended this to friends, who were all excited about this opportunity that would give them income, experience, and work on a contractor basis.
Until one of her friends paused as he was asked to give his social security number, his address, date of birth, banking information for payments rendered and so on.
You can see where this is going. They were hackers and they had just been handed Jane’s entire identity by merely dangling a carrot of opportunity in front of her.
How can you possibly think that a job interview is conducted over a chat room?
How can you hand over so much information without questioning what they need it for? Or without even questioning if it is legitimate?
We all likely asked ourselves the same things (and more), but then I thought about it. Jane is a young adult in her early twenties, she is intelligent, she is not reckless or careless and she has worked two jobs (at the same time) since I’ve known her. The point is this young woman isn’t a slug or reckless child.
Then I also realized that her generation wouldn’t question anything about interacting entirely online, never meeting face to face, or even via video. Electronic communication is their norm and oversharing is all part of the game too, so why would it be strange to have a job interview any other way? She was working at being an adult and making her own decisions to provide income, so we can’t fault her for that either.
Hackers know our weaknesses; they know how to gain our trust and they customize their attacks based on the audience. You think you know what you’d do, but that’s because you can see things clearly from the outside when you aren’t the target. When you’re in it, you’re less likely to see it so obviously. Humans are after all, only human.
As we work to protect our homes, our businesses, our identity, and our families, let’s remember that smart cybersecurity is like a streaming account – everyone is going to have a different profile but still be using the same platform. Yet the commonality among all of it is that humans are the weak link that will inevitably be the way a cybercriminal gets in the door. We need to be less judgmental in how it happened, and more united in making sure that it doesn’t happen. We link virtual arms to make a strong defense, and know that each of us needs the other to be stronger.