On November 18, 2018, Amazon founder Jeff Bezos received a WhatsApp message on his iPhone X. The message was from Mohammad Bin Salman, the Crown Prince of Saudi Arabia, with whom Bezos had exchanged numbers months before. What Bezos did not know was that the message contained malware, which transmitted his private data back to the hackers who sent the message.
Bezos was targeted because his news publication, The Washington Post, published work by murdered Saudi Arabian political dissident Jamal Khashoggi. Saudi-backed hackers hoped to use his personal data to gain influence over Bezos in retaliation.
The implication of this is troubling for high-profile VIPs: If Jeff Bezos, the richest individual in the world, can be hacked, you can be, too.
The average cybercrime breach can cost the victim $4M, including legal representation, remediation, and loss of reputation among potential clients or customers. By 2021, global cybercrime will have cost businesses and individuals $6T. At the time of publication, 90 percent of all companies are currently breached.
Even at the highest level, hacks can happen. While many VIPs employ security teams to keep their or their business data safe, it’s important to remember: If you are a government official, celebrity, high-profile CEO, activist, or public figure, you are always a target.
Cybercrime can happen to anyone, but the higher your net worth, the larger a target you are.
What Do Hackers Want?
Hackers who target high-level individuals are often after your personal and financial data. Beyond putting your finances at risk, this personal information can also be used to blackmail or extort you for money.
And the threat doesn’t stop there. Sophisticated criminals can use personal data to scam family and business partners using your accounts and information. Most seriously, these hackers can use your accounts to commit crimes that leave a trail of evidence leading back to you.
In the case of Jeff Bezos, experts agree that the Pegasus software used to target him is even more insidious than it seems. Many times, individuals who are targeted by this and similar software don’t even need to answer a call or text containing this malware for their phones to be compromised. Similarly, there are many aspects of daily life at the VIP level that can easily make individuals vulnerable to cyberattacks.
Social Media
In recent years, engagement with social media has become absolutely necessary for entertainers, athletes, and public figures. Some dangers of social media posts are more obvious, like posting your location publicly. If you post locations in real time, it can give potential thieves knowledge about your whereabouts. (Famously, Kim Kardashian was robbed at gunpoint in 2016 in her Paris hotel room after sharing her location on social media.)
But what many social media users may not realize is that innocuous posts can give criminals details about you and your life. Hackers can use these details to impersonate you as part of a scam, or to speculate as to what valuable data they may be able to find in your private email or other accounts. To protect yourself, it may be a good idea to discuss your social media strategy with a cybersecurity consultant.
Travel
When travelling for business trips, awards shows, or even vacations, security risks are everywhere. Unsecured networks, like hotel, airport, or coffee shop Wi-Fi networks, should never be used. Instead, use a secured network or the hot spot on your smartphone.
Some public Wi-Fi networks can even be fake, which hackers can use to download information from your phone. You should also avoid syncing your phone with a rental car, as hackers can plant malware in the car’s systems to steal data. Keep your data secure by avoiding public chargers like those in hotel rooms or at charging stations at airports. These are easy, often overlooked ways for criminals to steal your information.
Email and Text
In recent years it has become increasingly simple for potential hackers to impersonate email accounts and cell phone numbers. A popular method is for criminals to pose as an employee, financial advisor, friend, or even family member to get approval for a financial transaction. Always take the time to verify these requests, either by calling the person requesting the monetary transfer directly or speaking with them face-to-face.
Phishing emails are also incredibly popular. These emails can often come from accounts that are similar to businesses, newsletters, or your own contacts. To guard against these, never click on a link or open an attachment from an unexpected email you do not recognize.
Banking and Finance
Criminals can call you using spoofed numbers to impersonate your bank, business management company, or even the IRS. Whenever you receive a call asking for personal data, always hang up and call back the number on that institution’s website. The best way to verify that the company that is calling you is legitimate, is to speak to a live employee.
It’s important to remember that government agencies such as the IRS will never ask for personal information or demand payment over the phone. They will normally communicate via letter and will not ask for your Social Security number.
Easy Ways to Secure Your Data
If you haven’t already, consider hiring a cybersecurity expert to evaluate your risks and draft a security plan. Only give out your direct phone number to family and necessary personnel, like direct employees. It may also be a good idea to conduct sensitive business on a separate device from your normal phone.
In this day and age, we use dozens of secure accounts in our daily life. Each account you use should have a strong, secure, and unique password. These passwords should have 12 or more characters and utilize upper-case characters, lower-case characters, numbers, and special characters such as exclamation points or ampersands. Whenever possible, set up two-factor authentication for your accounts. This will send an activation code to your phone via call or text, so your account can verify it really is you logging in.
If you are concerned about remembering your passwords, do not write them down in a Word document or on a sticky note. Use a safe password manager, such as 1Password, LastPass, or KeePass.
Keep all software up to date. Updates for operating systems or apps often include tighter cybersecurity measures. It’s also important to install a reputable antivirus software and anti-malware software on any computers that have important data. Never connect unknown USB flash drives to your computer, and make sure you maintain computer backups offsite.
Cybercrime can happen to anyone, but the higher your net worth, the larger a target you are. By taking steps to protect your personal data and being aware of common hacking tactics, you can protect yourself from cyberattack.