• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint

I'm Not Who I Say I Am

Although much of this book discusses how you need to be more suspicious of your email, most people still place a great deal of trust in what they are told and who tells them. I've never met many of the people I work with; instead, I deal with them via email and the phone. How do I know if they are who I think they are? In this section, you see how easily an attacker can send you an email that appears to come from someone else.

Case Study 5-1

Sue opened her email to find the following message:

To: sales@company.com

From: mdavis@harty.com

Subject: Order

I recently placed an order with your company. Our plans have changed and I
would like to cancel the order. I am on the road and don't have access to the
order number, but if you could handle this, I would greatly appreciate it.
Mike Davis


Harty, Inc.

Sue had dealt with Mike Davis on several occasions and had sent him numerous emails, so she recognized the email address instantly. She looked up the order on her computer and canceled the order. She clicked Reply, emailed Mike that the order had been canceled, and then went on with her day.

Two weeks later, Sue was called into her boss's office. Mike Davis was there and looked very upset. Sue's boss told her that a critical order for Mike's company had been canceled, and the system showed her ID had been used. Sue was asked who authorized the cancellation.

Sue told them about the email. Mike denied ever sending the email message. They went to Sue's desk where she pulled up the email message. Upon further examination, it became obvious that not only had the email been sent from someone other than Mike, but also Sue's response had not gone to Mike to warn him. By the look on her boss's face, Sue realized the damage had already been done.



Not a subscriber?

Start A Free Trial

  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint