Tee hee! Reminds me of something I read once about the Nigerian Prince email scams — apparently they're made deliberately fake-looking to weed out people too smart to fall for it. They only want to spend time on likely marks.
What an interesting idea. I'm so far removed from people who turn sales ability into fleecing people that I'd never thought of it that way. But it does make sense.
One of my techs brought up a virtual machine (created the session in about 30 seconds while on the phone — he was pretty good) and allowed a scammer who had called into the new instance. We had a pretty solid, I mean really solid, network security system so there was no danger there. We all gathered around to watch as he played dumb and let the guy show him how the newly created instance was full of viruses. My tech strung the guy along until we were all bored then verbally beat him up for a bit and hung up. The scammer was not very good so it was no fun after a while. But it was interesting to watch.
Smart guy! From my extensive experience with corporates, all of them worry about the electronic security of their systems and none of them pay enough attention to their people either falling for scams like that or just doing stupid things. An entire major government department we were at was brought down by someone plugging in a flash drive with a virus on it. They should worry a lot less about the hardware, which is usually well protected, and concentrate on the wetware. Most of them are receptive to this advice, BTW, but only after their system has been hacked. The others aren't receptive even then.
There is a company (https://www.knowbe4.com/phishing-security-test-offer-ga-nav?matchtype=e&network=g&device=c&adposition=&keyword=how%20to%20stop%20phishing%20emails&utm_term=how%20to%20stop%20phishing%20emails&utm_campaign=Google_NonBrand_Phishing_Security_Search&utm_source=google&utm_medium=ppc&hsa_acc=8424457137&hsa_cam=8063980920&hsa_grp=83079939043&hsa_ad=396237260607&hsa_src=g&hsa_tgt=kwd-336265111151&hsa_kw=how%20to%20stop%20phishing%20emails&hsa_mt=e&hsa_net=adwords&hsa_ver=3&gclid=Cj0KCQiAnuGNBhCPARIsACbnLzora8ejUauraBHDX2grEbEOIoAIcMUGTgVaQWAAPSJ11M3cAf3c8qcaAhoTEALw_wcB)who you can pay to train for this. I looked at them more than once to make them part of our commercial support offering. I'm with you. This is the most important vulnerability to attach but it is seldom worked on.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
bill_schubert
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2021-12-13 21:54 (UTC)no subject
Date: 2021-12-14 10:45 (UTC)no subject
Date: 2021-12-14 16:56 (UTC)One of my techs brought up a virtual machine (created the session in about 30 seconds while on the phone — he was pretty good) and allowed a scammer who had called into the new instance. We had a pretty solid, I mean really solid, network security system so there was no danger there. We all gathered around to watch as he played dumb and let the guy show him how the newly created instance was full of viruses. My tech strung the guy along until we were all bored then verbally beat him up for a bit and hung up. The scammer was not very good so it was no fun after a while. But it was interesting to watch.
no subject
Date: 2021-12-14 23:36 (UTC)no subject
Date: 2021-12-14 23:55 (UTC)