The purpose of this article is to go beyond the basics and explore how social engineering, employed as technology, has evolved over the past few years. A case study of a typical Fortune 1000 company will be discussed, putting emphasis on the importance of education about social engineering for every corporate security program.
Expand all |
Post comment
In all seriousness though, Social Engineering is a serious oversite of IT personnel in small and large corp. I spent several year travelling throughout the US to various high end hotels and casinos on business as well as over the phone. I can honestly say that there have only been a handful of times where I was required to wear ID, and even fewer times where I was actually questioned about the nature of my presence there.
I have also easily gained access to remote sites (legitimately) through simply conversations that revealed very little information about who I was and why I was calling.
It simply illistrates that if you act like you belong, and talk like you belong... people will not question you.
TSmeed (at) syndic8ds (dot) org [email concealed]
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1860/566#566