It is with mixed emotions that I write this month's article for Mobile Enterprise magazine, as it will be my last. You see, I have just been informed that I am the heir to a $100 million fortune. I did not know my dear, dear late-uncle, but apparently he included me in his will. Nor did I know he lived in Nigeria, but he obviously thought well of me from such a great distance!
I followed the instructions sent to me via email: Send full legal name, address, social security number, bank account and bank routing number in a reply email. I have been told in the past: Do not open an email from an unknown party; Delete the unknown email immediately; Do not respond to the email; Do not unsubscribe from unknown emails; Do not open unknown or unexpected attachmentsâ€¢but we are talking about $100 million!!
It makes perfect sense that the executor handling my extremely wealthy late-uncle's estate would need this information to verify my identity and directly deposit $100 million into my account.
Next, I called my local bank informing them of the rather large deposit they should be expecting in my account. The bank was thrilled; I alone will be keeping it from declaring bankruptcy and thus preventing the federal government from having to prop up one more financial institution.
Update: Apparently the email from Nigeria was a scam. I really don't have a dear, dear late-uncle who left me $100 million. I now owe my bank $100 million, assuming it can stay in afloat. My identity was stolen and I no longer have good credit. So, yes, I will continue to write for Mobile Enterprise magazine while I work towards clearing my credit history.
Does your organization provide awareness training to ensure that employees don't fall prey to the latest phishing scam? Learn from my erroneous ways. Do not let employees get caught in the phishing net. Help them understand that if something seems too good to be true, it most certainly is.
Gotta run -- it's time to click the link to verify my password at my bank. Wait, do I even bank there? I must. The bank sent me an email, after all!
Ben Halpert, CISSP, is an information security researcher and practitioner and writes monthly about security. Comments, questions and requests can be sent to him at email@example.com; please include SECURITY in the subject line.