Service of It Can Happen to You if Goldman Sachs, Citi, Barclay’s & Bank Of England Execs Were Duped

June 19th, 2017

Categories: Emails, Technology


The takeaway for me was we’re all potentially doomed after seeing Liz Hoffman’s Wall Street Journal article, “Goldman’s Blankfein, Citi’s Corbat Duped by Email Prankster– The trickster appears intent on embarrassing top bankers but incidents suggest some basic cybersecurity gaps may exist.”

Hoffman and colleague Telis Demos wrote: “Goldman’s Lloyd Blankfein and Citigroup’s Michael Corbat, as well as Citigroup consumer-banking chief Stephen Bird, responded over the weekend to emails sent by the anonymous prankster masquerading as top executives at the two banks.” Last month Barclays and Bank of England’s top execs fell for a similar hoax.

The executives didn’t spill sensitive information but the


prankster posted screenshots of the emails on Twitter. The goal, according to Hoffman, was to embarrass, not to seek information or to plant viruses.

“The emails mimic a well-known scam known as “phishing.” In this,” wrote Hoffman, “scammers try to get victims to click on malicious links or try to capture sensitive information, such as passwords, via seemingly innocuous emails. These emails can take the form of invoices from customers, shared Google documents, or phony password reset requests.” [I wonder if the reporters meant invoices from vendors…]

“Last year, the FBI said that it had observed a 270% increase in business-email scams over a 15-month period. In these, criminals had impersonated executives to request a fraudulent money transfer or other fraudulent transaction. Between October 2013 and February 2016, law-enforcement officials received reports from 17,642 victims of this kind of scheme that amounted to more than $2.3 billion in losses.”

A private banker I worked with recently told me to feel free to send him my questions by email but said he can’t respond by email. He’ll call me or I can come in and speak with him, whatever’s easier. I wonder if this precaution is new.

Not all email intruders are as benign as the one described in Hoffman’s article. Might this interloper be working for a cyber security firm looking for juicy contracts? How careful are you before responding to a client, boss, colleague or friend? Do you refuse to respond to online surveys that come your way?


Tags: , , , ,

4 Responses to “Service of It Can Happen to You if Goldman Sachs, Citi, Barclay’s & Bank Of England Execs Were Duped”

  1. Lucrezia Said:

    The precaution was passed on to me as a child by a wise parent, so it’s very old, and probably dates back to the time of the first eavesdropper!

    In WWII, “Loose lips sink ships” was a well advertised slogan. Sir Walter Scott mentioned the importance of confidentiality, as did Mark Twain after an ill considered public accusation resulted in a suicide.

    Technology is not entirely responsible for embarrassing mishaps, ranging from those suffered by ordinary folk to huge corporations. It’s been a known fact for years that email content isn’t safe, so perhaps the question of our being “doomed” or not depends on an increased awareness of being “watched” and acting accordingly.

  2. Jeanne Byington Said:


    If a colleague or friend sends me a link, only, and doesn’t add words which usually they do, I forward–I don’t reply–the email back to them and ask if they meant this for me just to confirm the link is legit. I also check to see if the email address is correct. In the case of the bankers, I trust that the email addresses WERE correct, and if so I can see that this precaution is worthless.

    I can’t think of the reason for the troublemaker to take the time to figure out how to dupe these CEOs. To embarrass them seems only part of the story.

  3. hb Said:

    I have never had much to do with computers, but I did once have something to do with some of the codes the government uses overseas. I know that by the 1950’s we had invented a code system that worked unless somebody stole it or corrupted the code clerk. Those two problems are unavoidable no matter what system you use.

    Unfortunately, when the creative types launched the internet on the mass market during the 1980’s, security was not their primary concern. Consequently, as I understand it, the only cure, for embarrassments such as you describe and our terrible and growing security problems, is to start afresh with security concepts such as randomness built into it the system from the beginning. It can be done. It is just a question of brains and money.

  4. Jeanne Byington Said:


    You can put in an infant’s thimble what I know about cyber security. My observations over the years, reading about the hackings and identity thefts of giant corporations and individuals alike, is that it continues in spite of $billions thrown at the problem. Therefore, I agree with you: Start from scratch and focus on security in the rebuilding. But will it happen or will companies that make money by creating walls that turn out also to be easily breached continue to patch the existing system while reassuring clients that they “have it this time?” I think so. It’s a tangle a lot like the health care and tax systems today. They, too, need rebooting but nobody dares pull the plug.

Leave a Reply

Clicky Web Analytics