I got hacked...at...maybe

Aug 27, 2014 | Random

Well, it happened…probably.

I was just getting back to my office after board meeting when I got one of the ever-occurring phone calls from a company wanting a few moments of my valuable time to schedule a date so they could take more of my valuable time to sell us something we don’t need because we already have it. Now, I’m always listening for ways to improve, and part of my job is to evaluate new technologies, so if the product seems somewhat interesting, I’ll take an hour and look at it. This one did, because it was a security product, so I said, “Yes.” We scheduled a time, and then she (the caller was a “she”) asked me for my e-mail address, and something inside me went “click”. I don’t normally give out my e-mail address over the phone to a stranger, and I told her so, and then the conversation got really interesting.

Me: Now, who do you work for?

She: MX CoolCo

Me: Just a second

I googled it, and the site looks more than legit…These people spent a ton of money on it.

Me: I’m sorry…what is your name again?

She: Gia Calliani

Me: Gia, I am not trying to be rude; I’m just a little paranoid about giving out information to people I don’t know or know about. I’m sure you understand. How can I verify you are who you say you are?

Now, l’m telling you that I do this all the time, especially lately, and the caller ALWAYS appreciates or at the very least understands my caution, and I have ALWAYS been able to verify the legitimacy of the call…until now. When I asked my last question, she acted like it actually hurt her feelings. Are you kidding me? Telemarketers don’t even have feelings after people hanging up on them all day, day after day after day. It was either her first day on the job or something was going on.

Something was going on.

She: Here’s my number; you can call me here at this toll free number.

Me: Gia, that number doesn’t match the one on your website.

She: Well, I don’t actually work for MX CoolCo. I work for a company the sets up meetings for MX CoolCo, but you can call me at the number I gave you, and we can continue.

Okay. Now, it’s been a long day after a brutal week before, but there’s no way I’m so out of it that I am going to call her back at the number she gave me to verify she is who she says she is. Homer Simpson wouldn’t fall for that one, even after a night at Moe’s.

Me: Who do you work for, then?

She: BestSysEver in Dallas.

I googled BestSysEver, and their site looks like it was developed by a high school intern…and the number she gave me doesn’t match the one on that site either.

Let me recap this: I, a man, get an unsolicited call from an attractive-sounding woman with a pretty name who wants my e-mail address, and she gets her feelings hurt when I very politely try to verify her identity, and the more I try to verify, the more desperate she gets. It actually sounded like she was going to cry.

Suspicious? Yeah.

Me: The number you gave me does not match that site either. I’m not trying to be rude, but I will call you back if I can verify you are who you say you are.

And I hang up before she has a chance to respond.

Now, Gia could be her real name, and she could work for BestSysEver who could drum up business for MX CoolCo, and Tuesday could have been her first day on the job, and I could have actually hurt her feelings by asking a simple question. It’s possible, but I’m not buying it. Not yet.

I have some research to do.

She may well turn out to be legit, but the point here is that we all have to be careful. No matter how sophisticated your security systems are, no one has developed a firewall to protect people from human hackers: the social engineers.

I can hear some of you right now thinking, “So what’s the harm in an e-mail? Everyone has anti-virus and a firewall programs to protect against hackers!” You are absolutely correct. You know it, I know it, and guess what? The bad guys know it, too.

So one of the newer trends for hacking companies is to specifically target C-level execs (CEO, CIO, CFO, etc. ..and the rest of you are targets, too, so don’t feel left out!) by sending them an e-mail that installs a custom designed virus on their respective computers. That virus captures everything that person does on the computer, including passwords, trade secrets, internal e-mails, etc. and sends it all to the hacker.

And here’s the best part: It is completely undetectable. No anti-virus or firewall can stop it because they can’t see it. These viruses look like legitimate code. This is not an abstract fear. A New Mexico company was infected for two years before it was discovered on a fluke by a person who accidentally saw a lot of data going out at an odd time of day.

Now for the mini-sermon: Be careful! Do not open attachments you are not expecting and NEVER open an attachment in an unsolicited e-mail.

I love the joke, “I’m not paranoid, I just think everyone is out to get me!” Make no mistake here: Everyone is not out to get us, but some people are. We all have to be very, very careful because we don’t know friend from foe.

More to come as I track this down.

Author’s Note: Gia Calliani, BestSysEver, and MX CoolCo are not the actual names of the people and companies involved. Out of the abundance of caution, I have substituted the actual names in my experience with these.

Share this post