People often ask me how hackers actually get access to banks, government installations, and other sensitive archives.  The answer often surprises them.  While Hollywood would have you believe all hackers sit behind computers in dark rooms, typing in complex codes to crack NORAD’s security, the truth is very different.  The most used weapon in a hacker’s arsenal is…the telephone.
You would be amazed how much information you can get out of a company simply by tricking the receptionist or unwitting employee.  If you are reading this article, you have been social engineered at some point.
As an example, business owners have often been called by “the copier people” wanting to verify the model number on their copier.  Soon after, the receptionist or office manager of that company gets a call saying “We just want to verify your toner order for your <model> copier.”
Most employees will assume a valid order was placed and “ok” the order.  The company is then charged three times the normal price for that toner.  That, my friends is social engineering.
Of course, social engineering can also be used for more nefarious purposes, like attaining social security numbers, credit cards, and other sensitive information.  Be careful.
Always identify anyone asking for this type of information.  As an added layer of security, you might also ask for a call-back number, hang up, and then call them back.  Most hackers will hang-up the second you ask for that number.

This entry was posted on Wednesday, August 18th, 2010 at 7:10 pm and is filed under Newspaper Articles. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.