An unknown party sent out a letter touting BlackRock CEO Laurence D. Fink's newfound dedication to environmental causes. A press release quickly followed, debunking the hoax email and also saying such a move wouldn't be good for BlackRock's "short-term profitability." A BlackRock website was set up to house both these communications. Major media outlets, including CNBC.com and The Financial Times, quickly picked up on the news.
None of it was real.
The entire incident offers a masterclass in spoofing and the potential damage it can do. Like the hacked AP Twitter account that tanked markets in 2013 by tweeting fake frightening news, the spoofs show how common social engineering tactics can be injected into the news cycle, confusing investors and the public.
It's unclear who is behind the incident -- it would appear to be a person or organization with an environmental agenda. But whoever it was, they put a lot of time and effort into a campaign that would put BlackRock on the spot. Here's why it was a good example of the power of well-executed social engineering.
Social engineering is a catch-all term used in cybersecurity to mean the practice of making you feel like you need to do something that is in the best interest of the social engineer, who is often a criminal.
Great social engineering can make you feel like you urgently need to send someone money, or lull you into a sense of security by convincing you a friend, colleague or professional is asking you a simple question.
Some common tactics are: "What's your account password, so I can check your account for fraud?" or "Can you send your latest tax return so we can finish processing your application?" Social engineers essentially find an emotional hook -- your desire to help, your willingness to not create friction or, in this case, the desire of most journalists to be the first to jump on a good story.
The attackers in this case were quite sophisticated. They created a web and email presence almost indistinguishable from the real thing.
The website created by the spoofers is quite detailed. The only "tell" is a URL that points back to blackrockesg.com rather than the real BlackRock web address -- blackrock.com. Every other link on the spoofed website, including references to Fink's past investor letters, leads back to the real BlackRock website.
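The "tell" described above can be checked mechanically before a message or page is trusted. The following Python sketch is an added example, not part of the original article: it sorts the link hosts on a page into the real domain, hosts that merely contain the brand name, and everything else, and flags a page that mixes real links with a lookalike. The function names and the sample HTML are assumptions made for illustration; only the two domains come from the article.

```python
import re
from urllib.parse import urlsplit

TRUSTED = "blackrock.com"   # real domain, as named in the article
BRAND = "blackrock"         # brand label to look for in other hosts

# Constructed sample page: the paths are made up, only the two domains
# come from the article.
SAMPLE_HTML = """
<a href="https://www.blackrock.com/example-past-letter">Past investor letters</a>
<a href="https://www.blackrockesg.com/example-2019-letter">Read the 2019 letter</a>
<a href="https://www.blackrock.com/example-about">About us</a>
<a href="/example-relative-link">Contact</a>
"""

def classify_host(host, trusted=TRUSTED, brand=BRAND):
    """Return 'trusted', 'lookalike' or 'other' for one hostname."""
    host = host.lower().rstrip(".")
    # Only the trusted domain itself or a true subdomain of it is trusted.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # Undo cheap disguises (hyphens, 0-for-o, 1-for-l) before the brand check.
    squashed = host.replace("-", "").translate(str.maketrans("01", "ol"))
    return "lookalike" if brand in squashed else "other"

def audit_links(html, trusted=TRUSTED, brand=BRAND):
    """Group every absolute link's host by class and flag the mixed pattern."""
    report = {"trusted": set(), "lookalike": set(), "other": set()}
    for url in re.findall(r'href\s*=\s*["\']([^"\']+)["\']', html, re.I):
        host = urlsplit(url).hostname
        if host:  # relative links carry no host and are skipped
            report[classify_host(host, trusted, brand)].add(host)
    # The article's pattern: real links used as camouflage around a lookalike.
    report["camouflaged"] = bool(report["trusted"] and report["lookalike"])
    return report

if __name__ == "__main__":
    result = audit_links(SAMPLE_HTML)
    for key in ("trusted", "lookalike", "other"):
        print(key, sorted(result[key]))
    print("camouflaged:", result["camouflaged"])
```

A substring check like this will also flag legitimate third-party hosts that happen to contain the brand name, so its output is a list for a person to review, not a verdict.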
The original email purporting to be from Fink was long, detailed and included the corporate-speak so common in real investor letters. The spoofers also anticipated a quick denial, and already had a fake press release prepared that itself took subtle digs at the hedge fund, implying it wouldn't take the suggested pro-environmental stance because it wasn't good for "profitability."
"With climatic threats positioned to destabilize markets at ever greater levels in 2019 and beyond, BlackRock is determined to take a leadership role in building a Paris-compliant economy," the fake letter read. "We will begin this work by divesting from coal companies in our actively managed funds. Within 5 years, more than 90% of our 1000+ investment products will be converted to screen out non-Paris compliant companies such as coal, oil, and gas, which we see as declining and endangered."
It was not immediately clear who was hosting the spoofed website, and BlackRock could not be reached for comment on whether they were working to have the site removed.