The Cyber Chronicles | Episode 6 – Anatomy of an Email Scam

Scammers in Action.

Ever thought, “How the heck do they know that!?”

Me, too. Let’s expose how easy it is these days …

We’ve talked quite a bit about information in these articles, either directly or indirectly, and if you’ve noticed that, I’m doing my job. Across the pages of history are scattered periodic and uncommon tectonic shifts in the daily lives of humanity related to the proliferation of a new technology. One thinks of the Iron Age, the Renaissance, the Industrial Revolution, and we now live in the midst of the Information Age. The colossal impact of these phenomena is obvious in retrospect, but often challenging to accommodate in the present.

The foreshocks of the Information Age began with the invention of the printing press, but the ubiquitous adoption of the Internet as a presupposed fact of daily life has rocketed us into a new era of the Information Age. As a result, if we don’t want to be knocked over by the subsequent tsunami of reality, we must forge new habits and a new “normal.” My goal with these episodes is to reveal some of the new realities in a vivid manner, so that the rationale for change becomes embedded in our consciousness and subsequent behavior modification almost automatic.

AWARE

We’re probably all familiar with the common phishing email asking for the purchase of gift cards. We stop waves of them on a regular basis where I work, and we’ve seen a new degree of sophistication recently that serves as a great example.

This story starts with an email sent to someone who knows a coworker of mine.

snippet1

Now Mr. Ide knows Ms. Bessmer and is an IT health care professional, so he is not fooled by this familiar scam. But he also can’t resist responding to the scammer …

snippet2  

But this scammer is not to be discouraged. Despite having been called out for scummy behavior, they’re going to try harder.

snippet3

So let’s pause here and see if we can figure out how the scam artist knew that Lorraine and Michael know one another.

A quick internet search for “Lorraine Bessmer” returns as its fourth result the Idaho Chapter of HIMSS (Healthcare Information and Management Systems Society). Clicking on that returns the almost certain source of our scammer’s seemingly inside information. (I hope you still recall that specificity conveys authenticity.)

snippet4

Now I doubt you noticed (though I’m sure our erstwhile hacker did), but the information contained in this webpage and the information contained in Michael’s email didn’t match, and as a result the cyber criminal now has more information than they started with. By comparing the different phone number on the webpage with the phone number helpfully provided by Michael’s reply email, the hacker now knows both his office and mobile phone numbers, and which is which. If you remember our earlier story on SIM Jacking, you recognize that Michael is now more vulnerable to having his identity stolen, and it’s really not that difficult.

snippet5

 

It was Lorraine who first brought this episode to my attention, and I’m happy to report that the local chapter of HIMSS has modified its webpage so it no longer displays any personally identifiable information. The group serves as a great example of rapidly adjusting to our new reality. May we each follow this lead. And, please, try to resist replying to any suspicious email! Few of us are “woke” enough to realize what we’re accidentally giving away.

Perhaps you’ve wondered why your company encourages you not to use your corporate email for personal correspondence … well, now you know! And, of course, there are five more anecdotes we could cite …

PREPARE

You may be about ready to become a Luddite and swear off all technology, but that’s not really realistic, is it? Once we are aware of what’s going on and know why we need to care, we have the opportunity to prepare. Think about how our kids take technology for granted. My middle daughter asked me a few days ago how I drove without GPS and couldn’t understand why I started laughing. I guess I’m going to have to give her some pre-technology preparation … us old dogs are still good for something!

If we will simply adjust to the new paradigm we’re already living in, we can all adapt to what being responsible means in the late stages of the Information Age. So sally forth with a new comprehension of how readily available our personal and corporate information is and become a paragon of informational virtue, freshly scam resistant!
