I’m not a fan of Sacha Baron Cohen because I don’t find him funny; for the most part, I can’t get over how mean-spirited he is and how much damage it does to others. However, his recent Showtime show does provide some meaningful cringeworthy lessons that showcase just how easily fooled people can be. Just like a phishing or spear phishing attack, he uses his target’s vanity and desire to be sociable against them. In this case, he isn’t stealing their money, but he is destroying their reputation and massively reducing the value of their brand.
This just showcases the breadth of the exposure, as it ranges from trying to empty your bank account to destroying your ability to earn a living to using you to steal your company’s intellectual property. With the web and electronic transfer, folks don’t even need to be on the same continent to do you or your firm damage. And, when it happens, people are often too embarrassed to admit they were duped.
You can watch some of his greatest hits here. I’d like to now cover how to protect yourself from this kind of scam attack.
Trust but Verifyhttps://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
“Trust but verify” was a Russian term that Ronald Reagan made his own during the nuclear disarmament treaty with Russia. In short, it really means that if you can’t validate something, it isn’t real. This should be a phrase that sits on each of our office walls.
One simple practice is that when someone calls you with information, always call them back with a number you looked up yourself. Typically, a government agency doesn’t call and a co-worker in another department is more likely to use email rather than a phone. However, given that you can spoof email or use an address that looks right but isn’t, the same rule applies. When someone is asking for information, pick up the phone, use their interoffice number, and chat with them before you respond and possibly cause a breach. This is particularly important if you get a call from an executive who typically doesn’t call you.
Increasingly, tools are allowing people to use Facebook and other forms of social media to sample voice files so, even if it sounds like someone you know, it may not be them. I was watching the other night as some poor guy sent $5,000 in ransom to free his kidnapped wife (not an uncommon scam). In fact, she wasn’t kidnapped and her voice on his phone had been synthesized. Always call or text, always validate, and realize that the vast majority of these things are scams right now.
Know Your Ego
A big red flag is when someone you’ve just met starts complimenting you a lot. The potential for awards, recognition, and status can often blind us to what is actually going on. I’ve watched senior executives be flattered into SEC exposures by attractive women chatting them up (several lost their jobs, millions of dollars, and risked jail time). This is largely how Steve Jobs set Carly Fiorina up over a decade ago. He used compliments and empty promises to make sure HP never brought to market an iPod competitor and, while it isn’t certain that HP would have been successful, had it been, Apple likely wouldn’t be around today, and Fiorina lost her job partially as a result of that scam.
What I’m pointing out is that this behavior isn’t just limited to those who are traditionally phishing for information but can be used by those who want to manipulate you into an outcome that favors them and not you. You can be scammed by people who are legitimate as easily as you are scammed by people who are not. This appears to be the primary way Sacha Baron Cohen ropes in his guests.
Wrapping Up: Educate Yourself Against Scammers
It is a shame that we can’t be more trusting, but the reality is that a lot of people make a living scamming others. The damage is very real. I expect a number of the politicians that Cohen has scammed are basically unelectable now and at least one poor woman lost her job because of his “gag.” You could not only lose your job but your house and life savings, so it is important to keep alert.
Trust but verify, red flag anyone who seems suddenly very complimentary, and if you get a bad feeling, leave, or hang up. I watch the Cohen videos for much the same reason that I watch crazy driver videos (it also assures that I’m never driving in Russia). I want to make sure I’m aware of the threats and at least have developed a plan of action if I’m ever on the wrong side of one of these things.
I’ve been scammed a few times in my life and didn’t enjoy it at all. I expect you won’t enjoy it either and the way to avoid this kind of embarrassing memorable experience is to learn from the mistakes of others. Otherwise, you’ll have other folks learning from you. And that is no fun, no fun at all.
Rob Enderle is President and Principal Analyst of the Enderle Group, a forward-looking emerging technology advisory firm. With over 30 years’ experience in emerging technologies, he has provided regional and global companies with guidance in how to better target customer needs; create new business opportunities; anticipate technology changes; select vendors and products; and present their products in the best possible light. Rob covers the technology industry broadly. Before founding the Enderle Group, Rob was the Senior Research Fellow for Forrester Research and the Giga Information Group, and held senior positions at IBM and ROLM. Follow Rob on Twitter @enderle, on Facebook and on Google+