Gone Phishing

By Ben Halpert — November 07, 2008

It is with mixed emotions that I write this month's article for Mobile Enterprise magazine, as it will be my last. You see, I have just been informed that I am the heir to a $100 million fortune. I did not know my dear, dear late-uncle, but apparently he included me in his will. Nor did I know he lived in Nigeria, but he obviously thought well of me from such a great distance!

I followed the instructions sent to me via email: Send full legal name, address, social security number, bank account and bank routing number in a reply email. I have been told in the past: Do not open an email from an unknown party; Delete the unknown email immediately; Do not respond to the email; Do not unsubscribe from unknown emails; Do not open unknown or unexpected attachments•but we are talking about $100 million!!

It makes perfect sense that the executor handling my extremely wealthy late-uncle's estate would need this information to verify my identity and directly deposit $100 million into my account.

Next, I called my local bank informing them of the rather large deposit they should be expecting in my account. The bank was thrilled; I alone will be keeping it from declaring bankruptcy and thus preventing the federal government from having to prop up one more financial institution. 

Update: Apparently the email from Nigeria was a scam. I really don't have a dear, dear late-uncle who left me $100 million. I now owe my bank $100 million, assuming it can stay in afloat. My identity was stolen and I no longer have good credit. So, yes, I will continue to write for Mobile Enterprise magazine while I work towards clearing my credit history.

Does your organization provide awareness training to ensure that employees don't fall prey to the latest phishing scam? Learn from my erroneous ways. Do not let employees get caught in the phishing net. Help them understand that if something seems too good to be true, it most certainly is.

Gotta run -- it's time to click the link to verify my password at my bank. Wait, do I even bank there? I must. The bank sent me an email, after all!


Ben Halpert, CISSP, is an information security researcher and practitioner and writes monthly about security. Comments, questions and requests can be sent to him at editor@mobileenterprisemag.com; please include SECURITY in the subject line.

POST A COMMENT

comments powered by Disqus

RATE THIS CONTENT (5 Being the Best)

12345
Current rating: 0 (0 ratings)

MOST READ STORIES

topics

Must See


FEATURED REPORT

EKN Research: How Mobile is Driving Personalized Context and Engagement

Retailers and hospitality enterprises are well aware that mobile technologies must be driving consistently high standards of in-store or in-location customer engagement. These are key imperatives for customer relevance, financial gains, loyalty and brand advocacy. However, more often than not, such standards break-down in stores due to a wide variety of reasons. Download this benchmark report to understand how mobile is driving a more personalized engagement and key business pains, performance and capabilities related to in-store customer engagement.