Norb Tatro, a former local TV news producer and friend of mine, was recently cloned. On Facebook, that is.
I know this because his cyber alter ego contacted me one evening with some “happy” news: He’d just won $250,000 from a new U.S. government/Facebook grant program. What’s more, my name was also on a list of grant recipients.
The clone suggested we kibitz on the phone to discuss our shared good fortune.
That’s when I caught on (yes, it took me a moment) to effectively respond, “Yeah, thanks but no thanks.”
Soon after, I reached the real Norb, as did some other Facebook pals, to flag him. He and wife, Elaine Feldman, notified the social network and in a few hours the bogus site was removed, hopefully never to be seen again.
This cloning episode got me thinking about some wider implications: While many individuals fall victim to expensive, disruptive and time-wasting cyberattacks, so do a lot of businesses. In fact, companies are increasingly up against new, more creative types of Internet hacking and are scrambling to defend themselves against online threats.
“Getting hit with some type of cybersecurity event is the new natural disaster for business. It can be catastrophic,” says Rob Clyde, board director of Rolling Meadows-based ISACA, a nonprofit industry association for digital information and technology issues, including cybersecurity.
A Facebook cloning or hacking attack could be devastating to a small-business operator, many of whom use the site to promote products, maintain business contacts and do bits of business.
Think about it. There’s an estimated 60 million small businesses with Facebook pages, according to Facebook.
Such a huge and growing universe is a natural target for hackers and ne’er-do-wells. Moreover, no matter how it tries, it’s nearly impossible for Facebook to proactively monitor every post, piece of content and network activity on its site.
As such, entrepreneurs are often the first line of defense against a nefarious hacker infecting or hijacking their page. If something is wrong, small-business owners should quickly complain to Facebook.
“Claiming to be another person violates our community standards and we remove profiles reported to us that impersonate other people,” a Menlo Park, Calif.-based Facebook spokeswoman said.
Oddly enough, targeting Facebook pages may become old-school, at least when it comes to online harassment of business, which is coping with a more emerging danger: Ransomware.
Incidents of ransomware are “just exploding” says ISACA’s Clyde.
Usually, a hacker will use malware to infiltrate a poorly protected data site, capture sensitive files and literally hold them hostage in an encrypted form beyond the company’s computer reach.
Oftentimes, the ransom is for a nominal amount, a few thousand dollars. The requested payoff can be made with the internationallyused bitcoins, which can signal the data kidnappers are an overseas gang, Clyde adds.
Cyber kidnappers also know something about customer service. Some will open a chat line with a company executive to help facilitate payment.
The FBI strongly urges companies not to pay and to report any ransomware threats to the agency and police. But it is not illegal to pay a ransom.
At risk are mid-sized enterprises, including law firms and health care concerns. Organizations become desperate to get back their data and justify the ransom as another cost of doing business in the Internet age.
“It’s a nuisance fee and they pay it,” Clyde adds.
If that seems odd to you, you’re not alone.
Paying off data kidnappers shouldn’t be such a gray area. Yet it seems to be a grudging admission that our cyber cops are having trouble cracking down on tech-savvy crooks and that real-time business needs can outweigh the moral imperative of not encouraging criminal behavior.
Still, anyone who has been victim of Internet scam artists realizes it pays to be resilient.
Case in point: My friend Norb is back on Facebook.
And hey, I’m still waiting for that $250,000 check.
Twitter @reedtribbiz
