It was 5.40pm and my phone was ringing. I didn’t know it at the time but this was going to be one of “those calls”, I’d had one last year too. My friend had just left the bank after being grilled by them for 5 hours. The day previously someone had entered the bank, confirmed their identity and proceeded to clear out all her bank accounts and investments. The bank had thought that the thief had come back to finish off the job, thinking it was her they grilled her for 5 hours. The bank, in the end, managed to recover about half of her money but the rest had gone.
We had a chat and it came to me quite quickly that over the past month or so, someone had been slowly gathering information on her (hindsight is a terrible thing). Her phone went missing for a day only to reappear, the strange phone calls from “Microsoft Support”. All of which may have rung alarm bells for someone who had been trained in CyberSecurity but unfortunately she hadn’t, but that isn’t surprising. Only 15% of employees are trained in CyberSecurity.