Fake Graham Cluley tries to steal Sophos staff data

Graham Cluley

I woke up this morning, checked my email, and found out that I had an impersonator.

This was a very different situation from a couple of weeks ago when Greg Day of McAfee “stole” my identity. I opened my email today to discover that overnight some clown has been ringing up Sophos staff in our Singapore, Hong Kong and Philippines offices claiming to be me.

Apparently the caller (who has a Hong Kong accent) says that he is in Hong Kong on the way to Japan. He goes on to claim that his laptop is causing problems and so can a helpful person at Sophos please send various pieces of personal information about our employees to him. A classic piece of social engineering.


Kudos to the guys and girls in our Asian offices for keeping their wits about them, and realising that not only am I not in their neck of the woods at the moment, but also that the guy sounded nothing like me!

But this bizarre story leads to a more interesting question. Would your company be as alert to the risks of this kind of data theft?

What steps do you take to authenticate that someone is who they say they are? Some of these staff in Sophos Asia Pacific may never have met me, but they might feel obliged – because obviously they are HUGE fans of the Clu-blog :) – to help me out in my moment of alleged hardware failure.

If your staff aren’t aware of security risks, and haven’t been trained about the importance of securing corporate information, then they could all too easily fall into the trap of handing information over to a data thief believing they are just “being helpful”.

Update: Thanks to reader JackP who suggested I should have titled this blog post “Hong Kong Phoney”. Bah! Wish I had thought of that.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
