Written by Matt Polak, CEO of Picnic
About Picnic
Picnic’s Privacy as a Managed Service for the Enterprise protects those executives, employees, and contractors that threat actors will consider high-value targets of social engineering attacks. Picnic uses its proprietary technology to identify and analyze human risk and deliver prioritized remediations proactively and continuously without any effort on the part of the customer.
Scammers are getting smarter, and their tactics more sophisticated. They don’t just go after businesses or high-profile individuals anymore—they target everyday people, often during their most vulnerable moments.
We recently witnessed a heartbreaking scam of the type that triggered Jason Statham’s character in the movie “The Beekeeper.” In this real-life social engineering attack, the scammer targeted the mother of a recently deceased employee of one of our customers, a lady who also happened to be undergoing cancer treatment. She was scammed out of five figures at a time when medical bills must have been tough on her finances.
It started with a deceptive email that looked like a routine mistake. The message claimed she’d made a Bitcoin purchase and included a number to call if this was an error. The person on the other end pretended to be an FBI agent, weaving an elaborate story designed to make her afraid and compliant.
The scammer didn’t just stumble upon her by chance. They pieced together personal details about her life—available online—to make their story more convincing. Her vulnerability wasn’t just emotional; it was digital.
How We’re Helping
In response, our customer enrolled the victim in Picnic’s Digital Employee Protection service. Our goal is to make it much harder for scammers to exploit her information online. We work by identifying personal details scattered across the internet—on social media, public databases, and data broker sites—and removing as much of it as possible. We do it continuously to keep her digital footprint as minimal as possible, making her target profile less attractive to social engineers.
While we can’t undo the financial loss or the emotional toll this scam caused, nor can we fight scammers with fists or explosions the Jason Statham way, we can make it harder for them to target people in the first place. And we’ll keep working to give her and her family the peace of mind they deserve.
The Bigger Picture: Rising Online Scams
This story isn’t just an isolated incident. Online scams are on the rise globally. In 2023, the Federal Trade Commission (FTC) reported that consumers lost over $10 billion to fraud, marking a 14% increase from the previous year. Investment scams alone accounted for more than $4.6 billion of these losses. Additionally, the FTC’s Consumer Sentinel Network Data Book for 2023 highlighted that imposter scams were the most commonly reported, with nearly $2.7 billion in losses. The data also revealed a significant shift in scammers’ contact methods, with email surpassing text messages and phone calls as the most reported method in 2023.
Conclusion
“Safe at home, safe at work,” the saying goes in many industries, especially those that operate critical infrastructure. Protecting people, not just data, is at the heart of everything we do at Picnic. This is one of the many reasons our automated solution is scalable and can cover all employees and their families. Digital Employee Protection is not only about protecting people as a way to protect infrastructure and data but also about protecting the families of the people who operate the infrastructure that powers our way of life.