& nbsp
Author: Graeme Hudson, Vice-President of Crisis & Security Consulting, Crisis24
I am a hitman, hired to kill you, but I see that you are a good man. If you pay me $ 5,000, I will cancel the work, otherwise I come to your home to kill you and your wife. This message appeared one morning in the reception box of a financial director. Questions have run in his mind: who sent this? Do I have to worry? It was not the first time that experts have seen such tactics, similar cases appearing frequently each year.
Digital surveys have confirmed that the scripts paired with the formulation sold on the Dark Web. The message lacked specific knowledge on the CFO – no name or address was mentioned. It was also established that his email had been compromised in a data violation on social networks. It was simply a scam targeting many victims, similar to the e-mails “Sextoming” in previous years. Like many organizations, the CFO company lacked security resources to support staff in such situations.
Evaluate the credibility of threats
For organizations without dedicated security resources, these moments can be disturbing. Threats can arrive via various channels: text messages (including WhatsApp, Signal), vocal calls, emails, physical mail and social media. The priority is always to assess credibility before action. Can someone do a threat, but does it mean?
Threat actors cover many categories: unhappy employees or ex-employees, obsessed people, angry customers or malware. For some leaders, the volume of threats can quickly overwhelm them as well as their security teams – in particular those associated with politically divided organizations. The targeted assassination of the CEO of United CEO, Brian Thompson, in December 2024, was a brutal reminder of the real threats facing business leaders and high -level people.
Treat digital threats
Threats must be evaluated quickly, by reducing those who have no credibility while focusing on individuals who pose real physical damage. Although easier to say than to do, effective sorting is essential. The police are mainly focused on collecting evidence rather than the evaluation of threats in real time; The burden often falls to the organization or the individual to determine what requires urgent action.
In a case, the leadership of an organization was faced with a reaction from social media triggered by a high -level critic. Personal details have been published alongside the names of the executives, drawing thousands of comments – many explicitly threatening violence. Immediate security guidelines have been published during a more in -depth assessment, priority being the security of the personnel.
A structured approach to threat assessment poses six key questions:
- What was said? Is the threat explicit or implicit?
- What do they want? Is there a demand for extortion or do they purely threaten to harm?
- Who are they? What identification information can be extracted (such as telephone numbers, email addresses, metadata, etc.)?
- What is the reason? Often financial, although when money is not mentioned, deeper reasons may exist.
- Do they have capacities and intentions? Can they perform their threat and do they mean what they say?
- What options exist for both the victim and the threat actor? What is likely to happen next, and how to protect the target?
During the management of mass digital threats, the establishment of capacity is the first priority. In this case, all threatening accounts have been identified, geolo -featured users and the historical activity analyzed. The targeted leaders were based in southern England, while the individuals behind the threats were largely outside the United Kingdom. Most of them were in the United States and the closest geographically in West Africa. Although the trip has remained theoretically possible, this context has reduced the probability of a credible threat.
A consultant in response in crisis was mobilized to provide strategic advice on the management of the situation while forensic research was carried out in the profiles of threat actors, including image analysis to verify geolocation data. In some cases, psychological profiling is used to distill behavioral information directly from the language of the threat.
The landscape of evolving threats
For organizations, taking proactive measures to monitor emerging risks can make a difference. Events such as AGMs, financial disclosure or leadership changes often trigger increased threat activity. Early identification of individuals or high -risk groups allows strategic monitoring, the deployment of guarantees before climbing.
The landscape of modern threats evolves – becoming more personal, frequent and sophisticated. Responding effectively means finding a balance between urgency and rational decision -making. Good expertise can reduce noise, allowing rapid and enlightened action that guarantees safety without unnecessary alarm.