Sunday, May 24, 2009

My father, computer security expert

Check out this transcript of an IM conversation between my father and a friend of his (called Nikhil).

Nikhil: am not fine
Nikhil: am stuck here in uk
Father: what happened
Nikhil: i came here for a resort
Nikhil: and i was mugged at a gun point'
Nikhil: my moeny and so many other thig have being taken away by tis hoodlums
Nikhil: are you here with me
Father: yes
Father: Very sad to hear

Nikhil: am thinking if you could loan me some money to pay my hotel fee and some other thing and as soon as am back i will payyou back
Father: Who was your last boss, and which company you worked for
Father: Which floor was your office on

Nikhil: why asking me all this
Father: What was the PIN code of the office area
Nikhil: i cant talk right now
Nikhil: all i need is your help
Nikhil: my boss
Nikhil: pls help me
Father: Who used to sit next to you
Father: with whom did you fight everyday

Nikhil: ok
Nikhil: bye

In case you didn't understand it, this is a very sophisticated scam in which a fake Nikhil asks my father for money. My father is not convinced that this person is Nikhil and tries to validate his identity through secret keys (answers to questions only the real Nikhil would know). When my father first told me about this, I did not understand what he was doing. This is a very sophisticated phishing attack, and I was amazed that my father saw through the scam immediately. There are a couple of lessons from this:

  • Security is a mindset, not a product. My father's computer was not compromised. Most probably the attacker has the password to Nikhil's account. No antivirus or firewall on my father's computer would have prevented this attack.

  • Unsafe websites and computers are a threat to everyone. Unsafe Windows computers and websites that our friends and family use could potentially be a threat to us.

  • Against users of online social networks, this attack could be made very convincing. That is another reason to avoid putting too much information about yourself online.

  • Security is about teaching people healthy skepticism. In this case, my father is already a security expert!