 New Scam at work - zippy
On my company's intranet site...

On arriving outside the office a colleague saw a person pick up a company branded USB memory stick from the pavement. The person handed the USB stick to the employee and said that it looked like someone from your office had dropped it.

The colleague took the device and promptly plugged it into his computer to see if he could see any files to identify the owner.

Of course the device had some nasty malware on it and the virus checker had not stopped it.

Our company does not use branded memory sticks anyway and the ones we do use are password protected / encrypted.

I was in Colmore Row (Brum) last week and an IT bod confirmed that it was true and caused a lot of trouble, though the colleague is just "embarrassed" and not disciplined - they want people to admit when these things happen and not hide the fact.

Most laptops and PCs have USB drives disabled but a few are active for users that receive large files from clients.

We have previously had criminals gaining employment as staff with our outside building maintenance contractors who were refurbishing offices fit key loggers to desktop PCs.

 New Scam at work - sooty123
What do they get from all this?
 New Scam at work - zippy
>> What do they get from all this?

I work for a bank. They are looking for bank account details / identity theft.

The fake contractors were actually caught and did time.

We have had staff approached and offered cash for account details.
 New Scam at work - No FM2R
It is a scam, but it most certainly is not new. I came across this one in the mid 00s when somebody tried this outside one of our control centers.

There should be an absolute policy about unknown devices. Breach should warrant severe censure.

I don't care how well intentioned that employee was, he'd have walked had I been there.
 New Scam at work - martin aston
Yes it's a scam as old as memory sticks. It was also inadvertently and naively facilitated by bona fide companies back in the day giving (good) sticks as freebies to clients. This lowered people's guard and allowed the scammers to move in.

My then employers banned us from using them many years ago.
 New Scam at work - Netsur
The phishing scam was alive and well on Friday in my office.

Head of Admin asks me about 'that urgent payment you need making'. I looked at her blankly so we trotted over to her assistant's computer. Yep, spoof email from me with simple innocuous question about cut off times for internet banking followed by some details of a payment required.

As we use two person authorisation it should have been spotted before the payment was made but it was very close and I can see how it would have succeeded. I have reiterated the paper or phone call confirmation about bank accounts not already on our system..... I hope I never have the need to call the police.
 New Scam at work - Bromptonaut
>> There should be an absolute policy about unknown devices. Breach should warrant severe censure.

That was exactly the policy in my latter days in Civil Service. Breach would be gross misconduct. Negligible risk to or in our own work but we were part of wider network and ultimately part of government secure intranet.

Problem for us was that we had visitors making presentations to the Quango's formal meetings. Inevitably they'd want to be tweaking stuff until last minute and bring final version to meeting. Problem solved with a standalone laptop that was incapable of connection to gsi.

Even in charitable sector where I work now USB drives are banned and the slots on the PCs disabled.
 New Scam at work - zippy
>>Breach should warrant severe censure.

This was the policy previously but people tried to hide what they did when they realised it, causing more problems.

I guess it would be different if the same user did it a couple of times.

Easy way to get someone sacked as well, just walk past their desk when they are not there and slip in a USB drive.
 New Scam at work - Fullchat
If they have remained logged on whilst leaving their desk an email declaring undying love for the boss is always good for a giggle :)

We had an Intranet site with a buying and selling forum. The requests for such things as old Christmas cards after Christmas and bottle tops amongst other things indicated that the sender had been a little slack with their logging off.

Never did it again :)
 New Scam at work - Zero
I worked with a white hat hacker for a while, doing penetration testing. Some of the things he got up to break in would either make your hair curl or alternately leave you slack jawed with the brilliantly simple techniques used to exploit human nature.

One of my best moments at work, was at the final presentation when he handed each of the senior management a sealed envelope with their salary details inside.
 New Scam at work - zippy

We had a guest security bod invited to one of our team meetings.

After lunch he had accessed 7 of the 12 iPhones and worked out the passwords for half of the laptops - just from chatting with us.

Family, pet names, birthdays etc are no longer used.
 New Scam at work - zippy
Reminds me of another. c2014.

Someone set up a personal bank account in the name of a client.

As a totally made up example, someone was actually able to go to the bank and set up an account in the name of "Mr Heinz" but a much more difficult one to turn in to a real name.

He then wrote to some large customers telling them that the supplier's name had changed.

Some customers just changed their payment details without any further checks despite spelling errors in the letters.

Luckily the supplier's credit terms were very tight and when they called a customer over a £1m plus missing payment the truth came out and the payment was recovered.

The perpetrator was not caught.
 New Scam at work - Bobby

£2.5m for 11 days' work is a good return!
