An unknown party sent out a letter touting BlackRock CEO Laurence D. Fink's newfound dedication to environmental causes. A press release quickly followed, debunking the hoax email and also saying such a move wouldn't be good for BlackRock's "short-term profitability." A BlackRock website was set up to house both these communications. Major media outlets, including CNBC.com and The Financial Times, quickly picked up on the news.
None of it was real.
The entire incident offers a masterclass in spoofing and the potential damage it can do. Like the hacked AP Twitter account that tanked markets in 2013 by tweeting fake frightening news, the spoofs show how common social engineering tactics can be injected into the news cycle, confusing investors and the public.
It's unclear who is behind the incident -- it would appear to be a person or organization with an environmental agenda. But whoever it was, they put a lot of time and effort into a campaign that would put BlackRock on the spot. Here's why it was a good example of the power of well-executed social engineering.
Social engineering is a catch-all term used in cybersecurity to mean the practice of making you feel like you need to do something that is in the best interest of the social engineer, who is often a criminal.
Great social engineering can make you feel like you urgently need to send someone money, or lull you into a sense of security by convincing you a friend, colleague or professional is asking you a simple question.
Some common tactics are: "What's your account password, so I can check your account for fraud?" or "Can you send your latest tax return so we can finish processing your application?" Social engineers essentially find an emotional hook -- your desire to help, your willingness to not create friction or, in this case, the desire of most journalists to be the first to jump on a good story.
The attackers in this case were quite sophisticated. They created a web and email presence almost indistinguishable from the real thing.
The website created by the spoofers is quite detailed. The only "tell" is a URL that points back to blackrockesg.com rather than the real BlackRock web address -- blackrock.com. Every other link on the spoofed website, including references to Fink's past investor letters, leads back to the real BlackRock website.
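The "tell" described above -- a link whose domain is a lookalike of the genuine one -- is something a newsroom, mail gateway or browser extension can check mechanically. The following script is an added example, not code from the article or from BlackRock: it pulls every link out of a page, reduces each host to its registered domain, and classifies it as expected, lookalike (a foreign domain that embeds the expected brand name, as blackrockesg.com does), foreign, or relative. The HTML below is constructed for the example; the two domain names are the ones the article cites. The registered-domain reduction is a deliberately simple two-label heuristic and is labelled as such in the code.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a page body: most links point at the genuine site,
# one page link and one mailto point at a lookalike domain, one is unrelated.
SAMPLE_HTML = """
<html><body>
<a href="https://www.blackrock.com/corporate/investor-relations">Investor letters</a>
<a href="https://www.blackrock.com/corporate/about-us">About</a>
<a href="https://blackrockesg.com/press">Press release</a>
<a href="/relative/path">Relative link</a>
<a href="mailto:press@blackrockesg.com">Contact</a>
<a href="https://example.org/article">Unrelated</a>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect the href attribute of every <a> tag in a document."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def extract_hrefs(html: str) -> list:
    parser = LinkCollector()
    parser.feed(html)
    return parser.hrefs


def registered_domain(host: str) -> str:
    # Simplified eTLD+1: keep the last two labels. This is an assumption that
    # works for .com/.org style hosts; a production check should use the
    # Public Suffix List so that hosts under co.uk and similar are handled.
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_links(html: str, expected_domain: str) -> list:
    """Return (href, status) pairs; status is one of
    'expected', 'lookalike', 'foreign' or 'relative'."""
    brand = expected_domain.split(".")[0]
    results = []
    for href in extract_hrefs(html):
        parsed = urlparse(href)
        if parsed.scheme == "mailto":
            # mailto: URLs carry the domain after the '@' in the path part.
            host = parsed.path.rsplit("@", 1)[-1]
        else:
            host = parsed.hostname
        if not host:
            # No host means the link inherits the origin of the page itself.
            results.append((href, "relative"))
            continue
        domain = registered_domain(host)
        if domain == expected_domain:
            status = "expected"
        elif brand in domain:
            # Foreign domain that embeds the brand name: the pattern the
            # article's spoofed site used (blackrockesg.com vs blackrock.com).
            status = "lookalike"
        else:
            status = "foreign"
        results.append((href, status))
    return results


def suspicious_links(html: str, expected_domain: str) -> list:
    """Links worth a second look before a story is published or a mail is trusted."""
    return [h for h, s in classify_links(html, expected_domain)
            if s in ("lookalike", "foreign")]


if __name__ == "__main__":
    for href, status in classify_links(SAMPLE_HTML, "blackrock.com"):
        print(f"{status:9s} {href}")
```

Run against the constructed page, the two blackrockesg.com references are reported as lookalikes and the example.org link as foreign, while the genuine www.blackrock.com links pass. The brand-substring rule is intentionally broad: it will also flag legitimate third parties whose names happen to contain the brand, which is the right trade-off for a pre-publication review where a false positive costs a minute and a false negative costs a retraction.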
The original email purporting to be from Fink was long, detailed and included the corporate-speak so common in real investor letters. The spoofers also anticipated a quick denial, and already had a fake press release prepared that itself took subtle digs at the hedge fund, implying it wouldn't take the suggested pro-environmental stance because it wasn't good for "profitability."
"With climatic threats positioned to destabilize markets at ever greater levels in 2019 and beyond, BlackRock is determined to take a leadership role in building a Paris-compliant economy," the fake letter read. "We will begin this work by divesting from coal companies in our actively managed funds. Within 5 years, more than 90% of our 1000+ investment products will be converted to screen out non-Paris compliant companies such as coal, oil, and gas, which we see as declining and endangered."
It was not immediately clear who was hosting the spoofed website, and BlackRock could not be reached for comment on whether they were working to have the site removed.