KCS has known all manner of con-artists, tricksters and fraud-artists in its time. Recently, however, our interest has been particularly piqued thanks to the simplicity and audacious nature of one case, against the backdrop of an increasingly inter-connected and, supposedly, ‘secure’ world.
For all the security and countermeasures companies now employ, it is the human element that steadfastly remains the weak link in the chain. Whether using the same password for different accounts, opening unexpected emails or accessing unsecure websites, these simple actions can lead to billions in lost revenue and the paralysis of corporate giants. Equally, the very human trait of taking what is at face-value and reading into it is often good intuition yet can sometimes be fatal.
Until now attacks on state entities have primarily remained the preserve of other state counterparts: testing, probing and ultimately undermining the infrastructure of their adversaries. The recent attacks in the Straits of Hormuz come to mind. What is less common are nefarious groups playing the long con; where there is no quick fix guaranteed, and where the rewards are far greater. At least, not for a prolonged period of time, given the very public profiles of politicians and the added sense of security that these seemingly provide.
Since 2015 scammers, allegedly originating from Israel, began impersonating the French Defence Minister Jean-Yves le Drian, calling African ministers, ambassadors and businessmen. The prime fraudster claimed, as Le Drian that he would like them, on behalf of France to pay ransom money for French citizens held by groups in Syria. Of course, France could not be seen dealing directly with terrorists, hence the need for intermediaries.
Despite its relative simplicity, this scam successfully persisted, undetected, for two years. In total, they stole €80 million. At the time, the victims genuinely believed they were helping the French government pay ransoms for hostages held by Islamic extremists. Those scammed included the Aga Khan, who lost in the region of £15 million, and a Turkish businessman who had given out double that amount. The question lingers – why did private sector businessmen and figures feel the desire to pay for ransoms on behalf of the French government, with no guarantees of reimbursement?
People want to believe that they are needed, especially if called upon by a senior public figure. They believe what they see, or what they want to see – the French flag, the imposing desk – symbolism and imagery are powerful tools in the arsenal of manipulation. The sting needed the targets to believe unquestionably that they were being contacted directly by Mr Le Drian, who then requested financial help to free French nationals in the Middle East. Of course, the way he walked, talked, looked and his mannerisms were critical in this deception.
What makes this particularly surprising is the fact that Le Drian is not some unknown backroom bureaucrat, having served as Minister of Defence for five years. Since 2017, he has held the position of Minister of Europe and Foreign Affairs. And so, we turn to the simplistic part of the crime. Even a cursory glance at the internet reveals that the masks used are cheap and readily available. Equally, tutorial videos on how to make these masks are readily available on YouTube.
Even with technology, it is the simple cons that focus on the human element that still cut through the complicated web of corporate security. All of the firewalls and virus defenders in the world cannot help against the human actually clicking the button and overriding any automatic concern. The Le Drian scam worked so well for so long because it played upon emotions: awe at the setting, sorrow at the abductions, irrationality at thinking the setup could be anything other than genuine. Apart from the mask it was not even a high-tech scam, but it didn’t need to be. Although simplicity often wins the day, this can be of equal benefit to fraudsters who have the inbuilt advantage of assumed credibility.
Simple problems require simply solutions – a much greater degree of scepticism concerning any situation, at work or at home, and an acceptance that nothing can be taken at face value if you cannot see the face underneath.