In the security industry we often focus heavily on new technologies and shiny new software, and forget that so much of what we see is dependent on the person behind the computer.
Today, a co-worker of mine was sent an email from someone she doesn’t know, with the following text:
“I’m writing this with tears in my eyes,my fam and I came down here to
Wales,United Kingdom for a short vacation unfortunately we were mugged
at the park of the hotel where we stayed,all cash,credit card and cell
were stolen off us but luckily for us we still have our passports with
us.
We’ve been to the embassy and the Police here but they’re not helping
issues at all and our flight leaves in less than 3hrs from now but
we’re having problems settling the hotel bills and the hotel manager
won’t let us leave until we settle the bills,i’m freaked out at the
moment.”
Being the kind and caring individual that she is, she was naturally concerned. Should she help these people out? Luckily she asked us first.
Unfortunately this type of cry for help is all too common, as we all know; an evolution of the Nigerian 419 spam. Though it has much better grammar, and does not entice us with the promise of thousands of dollars, it does play on the weakest link in the security chain; us.
Notice the feeling of helplessness (“…with tears in my eyes…”) combined with the sense of urgency (“…our flight leaves in less than 3hrs…). It is a classic example of a con.
You can have all the security in the world, the best and most expensive technology, but if you don’t educate yourself, and your co-workers…all these systems mean nothing. All you need is someone to open the door.