You hear a lot about the technical end of cybersecurity—two-factor authentication, firewalls, encryption—but not nearly as much about what is often the weak link in any cybersecurity plan: people.
When your staff isn’t familiar with what a scam looks like when it crosses their communications, they can be inadvertently tricked into making a mistake that opens your business to theft and a world of hurt. When they are familiar, however, you have a great line of defense against the things that go bump on the internet.
And sometimes, those employees get a little sick and tired of dealing with scam artists, and fight back the only way they can—by stringing the crook along until they give up. A Botkeeper employee recently received a text message purporting to be from our CEO, Enrico Palmerino. They recognized it was a scam, and rather than just blocking the caller and reporting the incident, they decided to entertain themselves for a bit by engaging the criminal a little.
What follows is the text of the conversation.
Scammer: Hi, [name of employee redacted]
Employee: Who is this, please?
Scammer: Enrico
Employee: Oh wow, urgent, huh?
Scammer: Where are you right now?
Employee: I’m at the office still
(Note: this employee is not located near our offices, and works from home.)
Scammer: I need you to check something for me from the nearest store.
Employee: You mean the Walgreen’s downstairs?
Scammer: Yeah.
Employee: Oh yeah. They do, I grabbed one this morning for the new client.
Scammer: Text me when you get there to confirm what they have in stock.
Employee: Oh okay.
Scammer: Send me the pictures of the denominations they have.
Employee: Hey, so I was wrong. But they do have cards for Williams Sonoma. I got this great crock pot once. I think they carry all kinds of sauces, too. Do you think the client might want sauces? There’s BBQ, Hoisin, Sweet and Sour…
Scammer: Send me pictures of what they have on the racks.
Employee: Oh wait, I’m just thinking about the Asian sauces. We could probably get Mexican sauces. You know, like hot sauce. Okay sure.
Employee: Oops wait, that’s not right. Hold on.
Scammer: It is easier to send picture.
Employee: Oh! They have a whole thing of like Bearnaise over there, too. Soo creamy. I’ll try again, hold on.
Employee: Oh damn, that’s my dog. Grr. So annoying.
(Some minutes pass)
Employee: Okay. I got the store manager, he’s trying to take a photo to send to me.
Scammer: Send me picture of it.
Employee: Ha! He was just telling me about how his grandma dropped a whole jar of sauce Ok. He’s trying to take a photo now. I gave him your number, he’ll send it to you in a sec. Okay, he just sent it. They really do have a ton of them. It’s so weird, you’d think people don’t like sauce or something. We good? I have the corporate credit card. Finance just paid it off, so there’s all
Scammer: I didn’t get the pictures.
Employee: No? Weird. Hold on… OMG, he accidentally sent the photo to his grandmother! I’m supposed to use the MasterCard, right? Should I just buy these
Scammer: I need apple gift cards now sonoma
Employee: So—Apple AND Williams Sonoma? Wow, super generous! The clients will love that. Okay, I’ll buy the lot. Use the MasterCard?
Scammer: Bye.
Employee: Wait, Enrico, hold on. I think I got the photo to work…
Scammer: Why is it so difficult to listen to my instruction?
Employee: Oh, not difficult at all! Just having some phone issues. Sit tight.
(the employee downloaded a photo from the internet)
Employee: Can you see that?
Scammer: Yeah
Employee: They have Chick-Fil-A too!
Scammer: I don’t see any apple gift cards on the rack.
Employee: They have app store cards. Want me to try another store?
Scammer: Can I see the app store card
Employee: Oh wait, they have Starbucks. You could do coffee.
Scammer: What’s the values on the amazon cards
Employee: Hmm lemme see. $25, $50, $100
Scammer: Send me clear picture of the amazon card on the rack.
Employee: (who happened to have one handy)
Employee: Ugh, it’s not working. But they have $25, $50 and $100.
Scammer: Purchase 3 of 100$ amazon
Employee: Just 3? They probably have 40. Should I grab the Williams Sonoma, too? How many should I get? Enrico? I mean—Mr. Palmerino?
Scammer: Just the 3 Amazon.
Employee: Ok! Where do you need me to send them?
Scammer: It’s alright. Send me clear picture of receipt.
Employee: Oh sweet! Thank you! Listen, I don’t want to frustrate you,
Scammer: Lol. You’re a clown.
Employee: What do you mean?
Scammer: You’re too funny.
Employee: Hold on, almost checked out. Okay, what do you need from the receipt?
Scammer: Send me picture of everything you purchased with the receipt.
Employee: Okay, I’ll try…
Employee: So weird, it’s like sending random photos from my album.
Scammer: You can just take the pictures direct and send to me.
Employee: I’m trying. Sit tight.
Employee: Hahahahaha oops! But hey, SAUCE! You know what though? I don’t think this is going to work. I’ll keep the cards though, thanks!
Scammer: Okay, a**hole.
We thought this exchange was pretty funny, but imagine the damage that could have been done if the employee had failed to recognize the danger. It’s easy to trust all the technological protections available these days, but it’s important not to overlook keeping your staff in the loop.
That means thorough training on proper protocols in communication, what information you should and shouldn’t transmit, and how to confirm a communication is what it seems to be.
Botkeeper’s automated bookkeeping solution takes security seriously, with industry-standard SOC2 Type 2 accreditation, two-factor authentication, and 256-bit encryption for data at rest and data in transit.
If you’re interested in learning more about keeping your organization safe, download our eBook, “Client Data Security Best Practices.”