For the past few weeks, the world's least subtle web prankster has been making the rounds with various big bank CEOs, sending the email equivalent of “is your refrigerator running?” to the likes of Jes Staley and Mark Carney under the names of various board members and other likely correspondents. To our collective horror, he's actually gotten responses, demonstrating in theory if not in fact that financial cyber-security still has a ways to go in this godawful age of ceaseless hacking and phishing.
Just read that your; 'how did infrastructure week go?' Tweet won some online award for most humorous tweet - Trump will be so pissed ;)
We can't say for sure whether Harvey Schwartz uses winking emojis in his emails, so we'll give Lloyd some slack here. But not much. His response (sic):
I tweeted when landed in China how good their infrastructure was and that we had to catch up......seemed like a good way to bookend my trip.
A guarded message, to be sure. No gloating or anything. The prankster responded:
Absolute genius Lloyd. You've never thought of heading for Vegas with a standup act?!
You'd clean up. Although all the girls and gambling.. A man could get easily corrupted
To which Lloyd:
I'd settle for getting away with it.
Yes, Lloyd responded, but no, he didn't show his ass, which is more than Mark Carney can say. Still, one would hope that the CEO of the most important U.S. investment bank would maintain slightly higher email security standards, right? Shouldn't we, like, give a shit?
Goldman's answer: no. Here's one of their flacks, to Reuters:
When asked about the incident, a spokesman for Goldman Sachs in New York said: "In the aftermath of the elections in France and England, I would have thought Reuters had more consequential events to report on."
We get it. Goldman's PR team certainly has weightier matters to grapple with, and it's clear that Blankfein didn't do anything truly stupid here. But silly as all this is, email security matters. Just ask John Podesta.
But perhaps the best response from Goldman at this point would be: “At least we're not Citi.” From Financial News London:
In an email sent from the address firstname.lastname@example.org, the prankster alerted [CEO Michael] Corbat and [consumer banking chief Stephen] Bird to an email trick he had earlier played on the Goldman Sachs CEO Lloyd Blankfein.... In his email to the Citi managers, the hoaxer suggested that the bank needed to take steps to prevent falling prey to a similar prank.
Corbat got back with a brief and mostly innocuous note, but the best responses came from Bird:
On Sunday 11 June at 20:01 ET, Stephen Bird replied:
Can never be too careful Mike. Hope that's our real Chairman!
Then, after another message from the not-real chairman about strengthening email security:
On Sunday at 20:09 ET, Stephen Bird replied:
Indeed, we are using a filtering system at the moment which is capturing most spam/non recognised new messages. You've probably seen it capture and then ask if you want them released back to your inbox. We can still do more. At least Lloyd was responsive...in the new economy that's something. Some of his peers are still getting their messages printed out. Lloyd should read "Thinking fast and slow" that might have helped him!
So yes, Lloyd might have goofed up. But judged in the ever-flattering light of Citi, he did just fine.
U.S. bank bosses succumb to email hoaxer [Reuters]
Email hoaxer catches out top brass at Citi and Goldman [Financial News London]