Tuesday, 18 November 2014

Phish tales

I like stories about phishing scams. I’m not sure why; I suppose I like to hear about scamps being inventive.

There’s nothing new here, but it’s interesting nonetheless. The guy being phished acted on a feeling that something was wrong and took pains to investigate.  We can all learn from that example.  I’ve found myself – in hectic and distracted moments – nearly falling for phone- and email-based social engineering attacks. My bank telling me my card had been used abroad (I happened to be abroad at the time and the phone scammer adapted to this news by asking me to confirm details of the transaction. A very nice try). Someone claiming to be from HR in a university I had just started working for asking me to confirm details (they called every number in the department. The people who hadn’t just started working there mostly assumed it was a wrong number). Someone asking me to write a reference for a friend (I might have fallen for that one, but I’d already thought it up as a possible attack. It’s kind of a hobby, I’m afraid.)

We all need to develop that feeling that something’s wrong. There’s no reason to expect that the person on the phone is who they say they are, no matter what they seem to know about us. Cold reading is a skill that isn’t even slightly difficult to develop and I’m under no illusion that I couldn’t be fooled by a moderately talented cold reader.  And I’m constantly on the lookout for that kind of thing.

Five senses my arse. We routinely and constantly sense when something ain’t right.
