Cat photos help hackers hook energy workers

Beware of those cute pictures. Hackers use them to get workers to click on links that allow them access to systems.

By Zain Shauk Houston Chronicle

December 23, 2013 — 7:08pm

The largest energy companies want their workers to stop clicking on links to cute cat photos.

Such e-mailed links are among the leading ways that hackers gain access to energy company systems — a trick known as phishing, with the potential for breaches that could lead to huge thefts of data, or even physical damage.

Phishing attackers try to get computer users to click on a link or download an attachment in an e-mail that allows hackers to enter their systems.

In their latest counterattack, Schlumberger, Shell and other major players in the energy sector have been sending their employees fake phishing e-mails.

Unfortunately for many companies, employees are easily coaxed into clicking on bad links, said Jim Hansen, executive vice president for PhishMe, which specializes in phishing risks. "Something as foolish as silly pictures of cats," Hansen said. "You think it's not going to happen. It always happens — 88 percent failure rate."

The fake phishing e-mails, meant to look like the same anonymous come-ons that might lure an unsophisticated Web user into clicking on a contaminated link, are aimed at teaching employees how to spot dangerous messages.

"One of the big things I try to do is let people understand that it's not myself, it's not the security team that needs to be looking out for security," Mario Chiock, Schlumberger's cybersecurity adviser, said at a recent conference in Houston. "Every single person needs to be responsible for security."

That is a new approach for most energy companies, which are beginning to view cybersecurity in the same way that they view physical safety.

The push comes after repeated reports that energy companies are among the most targeted by hackers.

The Department of Homeland Security says that 40 percent of all cyberattacks last year targeted energy companies and several security firms have said energy companies are the top targets for certain types of attacks. An attack on Saudi Aramco knocked out 30,000 computers last year.

Computer infections also have wreaked havoc offshore, knocking some offshore rigs offline for weeks.

StarTribune

Cat photos help hackers hook energy workers

Stock market today: Wall Street rallies again to erase more of April's losses

The world's largest 3D printer is at a university in Maine. It just unveiled an even bigger one

Minnesota AG sues Fridley dealership, alleging deceptive sales practices

Tesla's first-quarter net income tumbles 55% as falling global sales and price cuts reduce profits

New federal rule would bar 'noncompete' agreements for most employees