Security's Everyman


Tuesday, October 30, 2007

It's not always what it seems to be

It's kind of ironic that after seeing and posting the Ziggy cartoon about the Nigerian email scams that The Register has an article about a HUGE loss due to email scams.

This reminds us of the importance of being very diligent in how we deal with what seem like legitimate emails. We all get them. More often than not they are spam or scams. They are getting more and more realistic now. I received one the other day pleading for money to buy Bibles for Christians in Russia or somewhere. I receive similar emails that are legitimate, so that makes these hard to detect. The look of an email will go a long way in determining who will or will not act on it. This is true in business and in scams. The bad guys know this and they are starting to pay more attention to it. They are spending more time polishing their emails so that they will get looked at. That's half the battle. If they can get someone to open the email, then there is a much better chance that the recipient will take action on it. Hopefully that action will be to delete it, but often enough it is to click on the link or reply to the plea, and then get infected or have their ID stolen or bank account emptied.

We must be careful with all email, even messages that we receive from people we know or think we know. The incident with SuperValu is a great example of how "blind trust" can really hurt. The emails looked legitimate. They seemed to be from a known and trusted source. Yet it cost the company more than $10 million. All because internal controls broke down. All because everything "looked" right.

You could argue several positions on this. Lack of a good User Awareness program was at fault. Not having good internal policy and controls played a part in this. Having both of these in place could have gone a long way in preventing this, but nothing works as well as common sense and due diligence to ensure that things are as they seem.

So, what do we learn from this? Have the proper framework in place: a UA program, policy and controls, and encourage your people to think. Thinking is the thing that really can make a difference and prevent something really bad from happening.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.