IT's common sense security

Computer scams rely on nothing more complex than old-fashioned con tricks.

  • E-Mail
By  Peter Branton Published  March 21, 2007

Staff at the Antwerp branch of ABN Amro thought that Carlos Hector Flomenbaum was one of the bank’s most charming customers. A regular visitor, he was friendly with many of the staff, going so far as to buy some of them chocolates. In fact, the only problem with Flomenbaum turned out to be his occupation — diamond thief.

While the man pretending to be Flomenbaum wooed staff at the bank, which is located in the heart of Antwerp’s diamond quarter, he was really finding out as much information as he could about the security arrangements for diamonds hosted within its vaults. The bank had a sophisticated electronic card security system, costing more than USS$1.3million; unfortunately the conman was given one of the cards, as he managed to convince staff he needed to access the vaults at night. Thus equipped, he proceeded to steal diamonds worth US$28million.

A spokesman for Antwerp’s Diamond High Council blamed the staff’s susceptibility to the conman’s charm, pointing out that “despite all the efforts one makes in investing in security, when a human error is made nothing can help”.

The parallel with IT security is all too easy to spot: while we tend to refer to attacks such as phishing as “social engineering” tactics, they rely at their heart on old-fashioned con tricks, albeit delivered in a high-tech manner.

This week’s Internet Security Threat Report from Symantec shows that the number of threats targeting the region (and originating here as well) is increasing. The Middle East and the UAE in particular, is now seen as a target by all manner of unscrupulous criminals and we need to be on our guard against them.

While as a security firm Symantec will obviously be only too willing to sell all of us products to guard against such threats, simple common sense can sometimes prove more useful. Without it, sometimes nothing else will help.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code