Wednesday, October 30, 2019

#ISC2Congress: Astronaut Email Scam Raises a Laugh

#ISC2Congress: Astronaut Email Scam Raises a Laugh

Noting how phishing emails have become ever more sophisticated, Garnet River CISO Michael Weisburg shared the details of one attack that bucked the trend.

Speaking on the final day of the (ISC)² Security Congress in Florida, Weisburg had the crowd in stitches after sharing the details of a phishing email with the subject line "Nigerian Astronaut wants to come home."

The missive is from astronautics project manager Dr. Bakare Tunde, who claims to be the cousin of Nigerian astronaut Air Force Major Abacha Tunde. It states that Major Tunde became the first African in space when he embarked on a secret flight to the Salyut 6 space station in 1979. 

The email goes on to say that Major Tunde went to space again in 1989 as part of a secret Soviet mission to space station Salyut 8T. However, the unfortunate astronaut was stranded there in 1990, when the Soviet Union was dissolved. 

"His other Soviet crew members returned to Earth on the Soyuz T-162, but his place was taken up by return cargo," states the email.

If you thought many years in space would dampen Major Tunde's spirits, you'd be wrong.

"He is in good humor," states the email, "but wants to come home."

Dr. Tunde then tells the email recipient that they will receive a portion of Major Tunde's accumulated flight pay if they will help bring him back to Earth by allowing money to be transferred into their bank account.

In the remainder of his session, titled "'You’ve Got to be Kidding!': WTF Moments in Information Security," Weisburg recited amusing cybersecurity stories from his own life, including the time one of his cybersecurity students told him that the only thing they had used a computer for was to watch Netflix.

Weisburg then called on the audience to share their own eye-rolling tales. One man said that on his first security assignment for a public company in 2004, he asked to see the server, and was met with, "What's that?"

He was taken down to the white room, where operators were able to correctly identify the first two boxes on the shelf, but when he asked what the third one was, he was told: "Don't touch it. That's Miss Mary's computer."

Miss Mary's computer turned out to be a PC-MOS/386 that was running Windows 3.1. He asked when the last backup had been done and was told, "None of our backup systems work on this because it's too old."  

Asked what their backup plan was, the operators replied: "Don't be here when it crashes."



from Infosecurity - Latest New... https://ift.tt/2C0Z8V6

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.