May 12, 2007:
The Nigerian email scam continues to
keep up with the times. Now these scammers are pitching a story involving an
American soldier who, with some of his buddies, came across a stash of American
currency, amounting to $750 million, in Iraq. His share was $20 million, but
now he's dying and needs someone with an American bank account to help him get
the money back to the United States. Supply your bank data (for electronic transfers)
and you will get a generous commission. What actually happens is that, if you
send your bank information, the scammers clean out your account.
The American FBI (Federal Bureau of Investigation)
reports that this scam is the most frequent Internet-related crime they have to
deal with. The scary part is that so many people fall for it. It's a
classic "social engineering" scam, where, instead of sneaky computer code, a
clever bit of malarkey separates the victims from their assets. While this scam
has made several Nigerians very wealthy, it also shows how vulnerable
organizations are to losing valuable information via nothing more than an email
message.
Security researchers have found many other ways to
gain access to corporate or military networks with similar social engineering
techniques. For example, just leaving some thumb (flash memory) drives around
for your target population to pick up will see many of the marks plugging the
drive into a USB port, where your special software will infect that system
with whatever sneaky software you wanted to get in there. All the mark will see
are some innocent files. But it gets worse. A pretty girl just coming up to a
guy and asking for his password works more frequently than you imagine.
So, for the moment, be grateful that the Nigerians
are only after the contents of your bank account.