top of page
Search

Beetlejuice Beetlejuice.. breach

Gary Hibberd
Oct 25, 20245 min read

This Halloween, don’t let things that go ‘click’ in the night be the end of you (or your data!).

 

We’ve reached the end of Cyber-awareness month, so what better way than to end with a story to send chills down your spine, and you can share with your team.

 

Based on True Events… Read on… if you dare!

 

How it started

It was a dark and stormy October evening when Sam sat quietly at home watching TV. The children tucked up safely in bed as they relaxed, watching the new ‘Beetlejuice Beetlejuice’ movie.  It was great that a friend shared a link to the movie earlier in the week. It was certainly a movie they had been eager to watch, but with the kids being so young, it just would not happen!

 

Tucking into another mouthful of popcorn, Sam glanced idly at the mobile phone, sat just an arm's reach away. At that exact moment, a notification appeared, announcing a new email.  Casually picking up the phone, Sam read the message.

 

“Dear Sam,

 

In the words of Beetlejuice… “Its SHOW TIME!”

 

Thanks for downloading and installing the software for you to watch my new movie… But I have some bad news for you.  You see, I’ve been able to access your device and have total control over your life!

 

I have your

  • Address book and all contacts

  • Bank account details

  • Photos and videos

  • Work access information

 

You have some very interesting images and information that’s for sure.

 

If I don’t receive payment of $250 via bitcoin within the next 4hrs I will be forced to erase your online identity, but not before I share your images and private messages with your friends, family and co-workers and empty your bank accounts.

 

Follow this link for instructions on how to buy bitcoin and share the details with me.

 

There’s no point informing the police. They won’t be able to help you before it all goes public.

 

Thank you in advance…

 

Beetlejuice.

Remember… I Myself Am Strange And Unusual.”

 

Sam placed the phone on the arm of the chair in stunned silence. An icy chill running down their spine.   

 

After a few moments of deliberation, they picked up the phone and made a call.

 

“Come On!  What is wrong with you?! Why did you send me a virus? Sam's voice was on the verge of tears as anger and fear took hold.

 

I didn’t!” the voice on the end of the phone was confused and younger than Sam's. After several angry exchanges, Sam discovered that the message they had received from Jo, the ‘Facebook Friend’ hadn’t come from Jo at all.  Jo’s account had been taken over and it was indeed scammers who had sent the message.

 

“But… But… I SPOKE to you! You told me that it was a good movie and we had discussed it before. That’s why you were sending it.” Sam's voice was full of confusion and indignation. “I’m not stupid. I wouldn’t just click a link!”

 

Jo sighed “Yeah. I know. That’s what they did to me. They’re using AI. You know, Artificial Intelligence, and it can imitate anyone’s voice. They only need a few minutes of dialogue from social media and it can easily pass as a voice message from a friend, work-mate or family member.”

 

Both Sam and Jo fell silent.

 

“What do I do?”

 

“I paid them. I had no choice. I had no idea what they had over me, so I just did what they asked.”

 

After several more minutes of conversation, Sam tapped the screen and the call ended.

 

How it ended… or did it?

Sam didn’t sleep well that night, but they had to move on, and put it down to experience. Almost a cost of being online in the modern world – they had been ‘cyber-jacked’, just like someone has their car stolen.   Shit happens, and then we move on. Right?

 

The following day, Sam's commute to work was the usual mix of bad mood, bad weather and bad tempered drivers. On arrival at the office Sam got on with the main tasks of the day, holding meetings, finishing reports, and taking calls.

 

As the day drew to a close, Sam had almost forgotten the events of the previous even. As they packed away their papers Drew the CEO passed the desk. “Hey. Thanks for the message this morning.”

 

Sam felt the blood rush to their cheeks. “Message?”

 

Drew smiled, “Yeah… The link to the movie ‘Beetlejuice Beetlejuice’. I’ve downloaded it on the company laptop and I’ll watch it later on the flight to the conference. Cheers!”

 

Sam stared blankly at Drew, as Drews smile slowly faded. “What’s up Sam? You look like you’ve seen a ghost?!”

 

The End…?

What did Sam do wrong? Did they do anything wrong at all? What about Drew? Or Jo?

 

What lessons can YOU take from this story?

 

Some of us (of a certain age) will recall that in the 80’s there were adverts stating that “Piracy is theft” and stealing digital content like videos is illegal.  Installing ‘cracked’ software allows scammers and hackers to crawl through those cracks too.

 

Being offered enticing offers of free games, films or materials could be the ‘in’ that the scammers are looking for.  These ‘trojan horses’ often contain malicious content (just like the legend of Troy), that ultimately can do us harm.

 

As security professionals we are still telling people to ‘think before you click’, but this isn’t enough. With the evolution of AI, Deepfake technology, voices and even video can be manipulated to look and sound like your friends, family or CEO!  You simply can’t trust what you read, see or hear.  This is why at Consultants Like Us, we train people to think about what we’re being asked to do, think or feel (in relation to the message we’re being given).

 

It’s time to update our presentations and training to bring in this new approach that scammers are using. 

 

Your action plan today is;

 

  • Assess your levels of risk from AI enabled scams

  • Update training and awareness to include AI enabled scams

  • Update training and awareness to talk about emotions, not just actions

  • Re-enforce the message “There is no such thing as a FREE lunch!”

  

The lessons to be learned are wide and varied. The lessons are there for all that wish to see them. Some are obvious, and others are not. 

 

Not every horror story ends well… they’re called horror stories for a reason. 

 

Good luck.  Sleep well… And don’t let the Cyber bugs byte!

 

 Need help?

If you want to learn more about the psychology of scams and how AI is affecting cybersecurity, get in touch. Our security training is tailored around you and how you operate, but more important than this, we partner with a number of companies who provide training and awareness tools that can significantly improve your chances of NOT becoming the next cybersecurity horror story!

14 views
bottom of page