Cybersecurity

Shoebox of Cash

You may have seen a recent headline about a woman who put $50,000 in a shoebox and handed it to a stranger. Maybe not. I tend to travel in different circles than many people, keeping an ear out for the changes in the cybersecurity threat environment.

But regardless, that’s an impressive headline!  When hearing this, you may be tempted to ask yourself “how many colors of crazy do you have to be to do that?”

From my 25+ years of working professionally in cybersecurity, I know for certain that you don’t have to be crazy at all for something like this to happen to you.  Social engineers, also called bad guys, threat actors, evil doers, scumbags, or [insert pejorative here], prey on all of us, knowing that given the right circumstances, there’s a chance they might be able to fool us out of our money.

This is a terrible story, for sure; however, what I do like about it is the excruciating detail in which it is told. And this isn’t your typical story of a grandma scammed out of her social security check. 

It happened to a journalist who, for the last seven years, has written a weekly personal finance column in the “Business” section of the New York Times.  That alone should give you pause – this is a highly intelligent individual, who somehow allowed herself to be carefully led down a rabbit hole, where the impossible seemed plausible and normal.

I encourage you to read it.  She’s a great writer.

The short story is that a team of social engineers worked together to fabricate a story that started off with Amazon and ended up with the FBI, FTC, and CIA (at least that’s what the scammers wanted her to believe).  They managed to escalate the story, increasing the temperature slowly over time, until they were able to get the woman to tell them “thank you” as they stole her money.

The main point to remember is that it doesn’t take a miracle for a social engineer to warp reality so that up is down and we find ourselves behaving in ways that we would normally scoff at.

Here are some quick pointers I shared with my family:

  • Social engineers are skilled at mixing truth and lies so that facts disappear like a magician with a coin.  How do you boil a frog? Put it in a pot of cold water and slowly turn up the heat.
  • Your personal data is already out there.  Don’t be impressed because a stranger seems to know about your intimate details – assume they do.
  • Be wary whenever anyone tells you to keep something a secret – especially law enforcement.  All of us have seen enough good cop / bad cop routines on TV to know better than that.
  • Remember to verify a caller using public information that you can find about them.  You can never trust caller ID to be truthful.

Share your pointers in the comments below.