Friday, February 29, 2008

How Not to Secure Your Login Site

Via DailyWTF -

Not too long ago, I added my company, Inedo, to the federal government's Central Contractor Registration system. I don't know, I just didn't want to miss out on all the fun everyone seems to have with government work. Whenever one signs up for virtually any government thing, a deluge of companies somehow manage to find out. The CCR is certainly no exception.

One of the many companies that contacted me after signing up was the Federal Suppliers Guide. The initial cold call went something like this:

FSG Rep: Hi Alex, I've got some great news for you!

(Let me guess... you can save me a lot of money on something...)
Me: Okay...

FSG Rep: We've reviewed your CCR registration, and it looks like your company could be eligible for placement in our guide!

(Wow, that *is* great news!)
Me: Your guide?

FSG Rep: The Suppliers Guide! It's used *exclusively* by state and federal agencies to purchase services and products. Anyway, to confirm your eligibility, I'll need to ask a few questions. First, where are you located?

--- snipped a total of three questions asked ---

FSG Rep: Okay... well, let me punch this in here -- clickity clickity clicky -- wow! This is really good! You are, in fact, eligible for the guide! Would you like to be in our guide?

(There's no possible way there could be any sort of catch here...)
Me: Sure! Why not?

FSG Rep: Fantastic! There's just a nominal fee to get started, so if you'll just get me your credit card number we can--

Me: How much is the nominal fee?

FSG Rep: Heh, it's really very little actually. It's a fantastic investment that ranges anywhere from six hundred to several thousand.

Me: I can't make that decision right now; can you send me over some information?

FSG Rep: Oh. You can't? Well, I mean, I guess I could send you more information... but you know, I can just answer any questions you have now. I mean, I'd hate for you to lose your eligibility, that's all!

(What a nice guy! And this whole time, I thought he was a fast-talking salesman...)
Me: I guess we'll just have to take that risk; can you also send me a copy of the guide, too?

FSG Rep: Err, gee... well, you know... that's the one thing I can't do. You see, these guides are to be used *exclusively* by government agents. We can't just give them to anyone, you know.

(And to think, I was questioning whether they were even legitimate!)
Me: Okaaaay... just send me what you can then.

After a bit more back-and-forth about how he could "just answer any questions I had right now", the sales rep pointed me to their sample ads, a 7mb PDF with sixteen pages of seemingly real companies, all with the same phone number (555-555-5555) and the same website (00000000000.com). Somehow, that didn't convince me to "invest" several hundred dollars, so the salesman faxed over some more information with a single, real ad.

As I eagerly waited for the follow-up call later that day, I thought I'd take a minute or two to check out their website. Almost immediately, I came across their Federal Procurement Officers Only page. Out of curiosity, I entered a username and password, and then clicked the Login button. Instantly, a JavaScript dialog popped up...

--------------------

What happened after that? You will have to check the DailyWTF site linked above, or look at the site yourself [hint: look at the HTML source code].

Of course, it would not be wise to use login information that is basically handed out like candy: with this story blowing up, accessing a system without authorization could get you in legal trouble.
