Information Warfare: Scary Social Engineering


May 12, 2007: The Nigerian email scam continues to keep up with the times. Now these scammers are pitching a story involving an American soldier who, with some of his buddies, came across a stash of American currency, amounting to $750 million, in Iraq. His share was $20 million, but now he's dying and needs someone with an American bank account to help him get the money back to the United States. Supply your bank data (for electronic transfers) and you will get a generous commission. What actually happens is that, if you send your bank information, the scammers clean out your account.

The American FBI (Federal Bureau of Investigation) reports that this scam is the most frequent Internet related crime they have to deal with. The scary part of this is that so many people fall for this. It's a classic "social engineering" scam, where, instead of sneaky computer code, a clever bit of malarkey separates the victims from their assets. While this scam has made several Nigerians very wealthy, it also shows how vulnerable organizations are to losing valuable information via nothing more than an email message.

Security researchers have found many other ways to gain access to corporate, or military networks, with similar social engineering techniques. For example, just leaving some thumb (flash memory) drives around for your target population to pick up, will see many of the marks plugging the drive into a USB port, where your special software will inflect that system with whatever sneaky software you wanted to get in there. All the mark will see are some innocent files. But it gets worse. A pretty girl just coming up to a guy and asking for his password, works more frequently than you imagine.

So, for the moment, be grateful that the Nigerians are only after the contents of your bank account.




Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contribute. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   contribute   Close