Mysterious email, possible social engineering, whatever it was, it didn’t work


A colleague of mine got a strange piece of email. It went something like this, although I've substituted a fictitious nation and fictitious company name to protect the guilty(?).

Subject: St. George's Island Embassy Trade Mission: Meeting request on behalf of Contoso Corporation

Dear ⟨name⟩,

I am contacting you following the advice of ⟨senior executive⟩, CTO of Microsoft Pangaea.

The St. George's Island Embassy Trade Mission is currently assisting a local company, Contoso. Contoso would like to present ⟨technology⟩ to Microsoft. Details are in the attached document.

Would you accept a conference call with the CEO of Contoso, at a time at your convenience?

Looking forward to a fruitful collaboration,

Sir Humphrey Appleby,
Director, St. George's Island Embassy Trade Mission

My colleague has no connection with St. George's Island, nor had he ever met the named senior executive (or anybody else from the Pangaea division), and he asked, "Is anybody else getting messages like this?"

I suggested that they might be trying some social engineering: "Send an email to an employee saying that a senior executive told us to contact them. They will do whatever we ask because they think we are operating under the instructions of the CTO."

This sounded plausible, so my colleague contacted said senior executive, who replied, "I had invited Contoso to participate at a large event we held on St. George's Island last year, but just as you don't know me, I don't know you either. This is definitely suspicious. Thanks for taking the time to send me this warning."

Comments (16)
  1. Joshua says:

    It would have been funnier if Conosco wasn't a replacement name.

  2. rjmx says:

    The name "Sir Humphrey Appleby" gives it away. He was one of the characters (a senior civil servant) in the British TV series "Yes, Minister" of the 1980s.

    They could at least have picked a more obscure name.

  3. Withad says:

    rjmx: Raymond said before the quote that he changed the names of the people/company/country involved (and linked to a remarkably detailed Wikipedia article on fictional places in "Yes, [Prime] Minister"). Though perhaps we should send an airborne battalion over to St George's Island anyway. As a show of goodwill, of course.

  4. Adam V says:

    @rjmx – not sure if you're joking, but in case you're not, the link to "fictitious nation" explains "St George's Island" as a "Yes, Minister" reference. Raymond is not going to go through the trouble of picking a fake country and company and yet use a real name.

  5. Boris says:

    If Contoso did have something to do with Microsoft, where did it get your colleague's Microsoft address?

  6. Katie says:

    I've seen vendors send out spammy requests like this to people, once they've learned the names of higher-ups. They'll say something like "so-and-so" (usually a manager or VP often in a somewhat related area) asked me to contact you about our new product, hoping that that borrowed authority will trick you into talking to them and giving them a chance to sell you on their product.

  7. Vimes says:

    A technique I learned from Terry Pratchett is the split sentence.  "I've been speaking to the divisional director and I need a new laptop" is one I've tried.  "Hello" in the lift counts as speaking to doesn't it? The implied authority can work wonders.

  8. Chinese Whispers says:

    If the attachment was clean then maybe your colleague's <name> is similar to some <name> the VP mentioned during the conference, so the Contoso dudes tried to stab in the dark. (What the Contoso dude remembered ≈ What the Contoso dude heard ≈ what the VP thought he said ≈ what the VP actually said)… http://www.youtube.com/watch

  9. SomeGuyOnTheInternet says:

    800 fully armed paratroopers is an awful lot to send on a goodwill visit, isn't it?

    [It's just an awful lot of goodwill. -Raymond]
  10. Boris says:

    Vimes: having acquired a new laptop for that employee, IT then emails the divisional director and politely restates the need to follow the established hardware replacement procedures, referencing the employee's statement that it was the divisional director who approved the new laptop (they're not going to quote the employee word-for-word, but rather your implied meaning). How does the divisional director proceed?

  11. James says:

    Since this is the first genuinely professional sounding (and domestically authored) attachment bait I've ever seen used to distribute malware, I'd be very curious to have a look at this document to see what they might have up their sleeve.

  12. John Doe says:

    There are other ways to get a (new) laptop:

    – State that your current tasks require it, e.g. 64-bit, more than 4GB RAM, an actual SSD for benchmarking or to make sure that disk I/O is/was a bottleneck that is solved by using an SSD, etc.

    – If you already have a laptop, use it over a blanket, or otherwise obstruct its ventilation, to make it overheat and eventually ruin it invisibly, without scratches, dust, paper clips or staples, liquids, etc.

    – If you don't have a laptop, state that your current tasks or responsibilities require that you work in remote places, such as travelling to a client, running conferences where you share the desktop with all the development tools running, etc.

    All of this is, Of Course™, rather unethical, envious boy/girl.

    Have you noticed the cuteness? Comments are automatically hyphenated on IE10 and IE11.

  13. Nick says:

    Yeah -ms-hyphens works in IE but not in IE Mobile.

  14. prunoki says:

    "Sir Humphrey Appleby"

    Nice touch, Raymond.

  15. cheong00 says:

    @John Doe:

    1) Been there, done that, and it didn't work. Boss just say why don't you do your tasks at Deaktop if performance is slow.

    2) No comment.

    3) Unless you're C-grade(a.k.a.: CXO) or manager grade. they'll just buy one for your division and make you borrow it when needed.

  16. John Doe says:

    @cheong00, well, I didn't way it works 100%, just easier methods that are also less likely to get one fired. Someone above in the hierarchy must be stupid enough to fall for 1 and 3, or to repeatedly fall for 2. And even then, one must be stubborn enough to make it sound credible, one can't just "fold" when his/her ass is about to be uncovered. It's a risk.

    If the "excuses" to get a new laptop are not real or even good enough, one is simply being stupid (e.g. envy of someone?), and one is actually hurting the company.

    However, I'll refrain further expanding this subject. It's quite unfortunate to know these techniques have been applied, some times more successful than others, everywhere (work, clients, contractors, public institutions, schools, homes… some even do it on personal devices so friends and family buy a present for Christmas or birthday…) Is this off-topic or what?

Comments are closed.

Skip to main content