cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ericgeater
Community Champion

Graham Cluley and a fake email

If you've heard of the Smashing Security podcast, you know Graham Cluley.  He recently posted this link, describing how he tried to address a fake email he received from a travel website.

 

Apparently, Cluley was never previously their customer, but within hours of becoming a customer and placing an order, he received what he thought was a legitimate message from the travel company.  There was an air of validity because of his recent order, and he almost acted on the message's demands.

 

He reached out to the company, and I'm sure they haven't responded yet because they're chasing down what went wrong.  Or, let's hope that's what's happening.  

--
"A claim is as good as its veracity."
1 Reply
Early_Adopter
Community Champion

Probably have a lurker with one or more accounts. Infiltrate the sales function then they can send fake payment instructions etc.

Seen this in the wild. Not pretty.