In the security industry we often focus heavily on new technologies and shiny new software, and forget that so much of what we see is dependent on the person behind the computer.
Today, a co-worker of mine was sent an email from someone she doesn’t know, with the following text:
“I’m writing this with tears in my eyes,my fam and I came down here to Wales,United Kingdom for a short vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit card and cell were stolen off us but luckily for us we still have our passports with us.
We’ve been to the embassy and the Police here but they’re not helping issues at all and our flight leaves in less than 3hrs from now but we’re having problems settling the hotel bills and the hotel manager won’t let us leave until we settle the bills,i’m freaked out at the moment.”
Being the kind and caring individual that she is, she was naturally concerned. Should she help these people out? Luckily she asked us first.
Unfortunately this type of cry for help is all too common, as we all know; an evolution of the Nigerian 419 spam. Though it has much better grammar, and does not entice us with the promise of thousands of dollars, it does play on the weakest link in the security chain; us.
Notice the feeling of helplessness (“…with tears in my eyes…”) combined with the sense of urgency (“…our flight leaves in less than 3hrs…). It is a classic example of a con.
You can have all the security in the world, the best and most expensive technology, but if you don’t educate yourself, and your co-workers… all these systems mean nothing. All you need is someone to open the door.