Researchers at Dell SecureWorks share the story of how they played along with a suspected email scammer from Nigeria and eventually fooled the schemer.
The email scheme involved a fraudster who was pretending to be the CEO. The scammer tried to trick the firm into wiring funds to a bank account. Although companies can often train their employees to spot these suspicious emails, sometimes this isn’t enough. Hackers will always find a way around it.
In this scenario, the best way to fight back would be to reply to the scam email and pretend to be a gullible victim. This way you fool the fraudster into thinking that his or her plan actually worked, and essentially you are in control. The next step would be to try to identify the scammer. SecureWorks sent the scammer a PDF that was disguised as a receipt but would actually identify the scammer’s IP address, allowing the company to gain more information about the scammer. The researchers found that the scammer was from Nigeria and was viewing the PDF on an iPhone. SecureWorks then asked for bank account details, which allowed them to report the account to the bank and have it shut down.
SecureWorks is trying to publicize this occurrence so other companies can learn from the incident and take similar actions if needed.