Author Box
Articles Categories
All Categories
Articles Resources

A Social Engineering Story

June 23, 2012 | Comments: 0 | Views: 182

There's a new guy working in your office. You haven't seen him around before and he keeps switching desks, using those of people who are out of the office, or work different shifts.

He has a nice smile and seems really friendly. You guess he works in IT because he always has a laptop and fiddles with peoples desktop PCs quite a bit, but you haven't spoken to him directly yet.

As time goes by you work out he's a bit of a charmer. He has a way with people, makes them feel comfortable with him around and some of the ladies in the office have taken quite a shine to him. He's witty, amusing and likes to bring in biscuits or doughnuts for everyone.

Eventually you find out his name is Tim and he is something to do with IT - you were right! You pluck up the courage to chat to him, and he tells you about his family, his wife and kids, his favourite sport and the team he supports. You get chatting about common interests; he's a really nice bloke and can talk well about almost any topic - not your typical IT geek then, phew!

The following Monday you see no sign of Tim, but you think nothing of it. He's probably off today or working at your other site.

By Wednesday, you have realised he must be off on holiday - you hope he's not ill or anything, especially that lovely wife of his.

The next Monday morning arrives and still no Tim. You don't worry too much because your PC is playing up and you can't log in to the network.

After logging a call with the Helpdesk, you notice that there seems to be a lot of senior managers and directors in various meetings, all looking very serious. Oh god, not more redundancies. So you knuckle down and look busy - as much as you can without your computer, putting the lack of Tim to the back of your mind.

When you turn up on Tuesday morning you see that everyone is being taken into a room with some gentlemen in suits - you were right, it is more redundancies. Your turn to go in the room comes and you enter with some trepidation.

The rather stern looking gentleman in front of you says, "My name is Detective Sargent Jim Gallows. What can you tell me about someone working here recently called Tim... ?"

And that's when you find out that Tim didn't work in IT, he didn't actually work for your company, or a supplier. In fact it's very doubtful his name was even Tim.

You also find out that your company computer systems are offline because they have been infected with a virus which has deleted all your corporate data, but not the police suspect, before "Tim" took copies of all your essential information - personnel records, bank account & credit card details, sensitive customer records, financial data, etc. "Tim" and whoever he worked for now knows more about your company, its employees, suppliers and customers than your company does!

That's all because you, your colleagues and managers didn't check who "Tim" was, didn't make sure he had the permission and the authority to be where he was, doing what he was doing.

Your company has just been the victim of a social engineering scam. "Tim" had essentially conned his way into your company, planted key-loggers on peoples PCs to collect their user Ids and passwords. He had then connected his laptop to your corporate network and hacked into various systems, using the credentials he'd collected, to steal all you vital business data. At the end of this he had uploaded his virus to the network, ensuring you didn't have access to your systems for at least a few days.

Now imagine if there was no virus, no tell-tale to let your IT people know something was wrong. Would you even know this had happened?

Lee Hezzlewood is the founder of Secure Thinking, a UK company providing specialist services in Data Protection and Cyber-Security. Get help setting up your Security Awareness Programme.

Source: EzineArticles
Was this Helpful ?

 
0
 
0
 
Rate this Article
 vote(s)
Feedback
Print
Re-Publish

Article Tags:

Social Engineering

,

Scam

,

Information Security

,

It Security

,

Security Awareness

,

Business Security

In India, employment opportunities are set to grow by a good margin in the coming year, a phase which was started in the turn of the second decade of the 21st century. organisation, candidates with

By: Sarkariexam l Business > Careers Employment l April 01, 2013 lViews: 11709

Sometimes it is amazing to see that certain jobs can precipitate huge turnouts in the recruitment drives. It is as if thousands of people were waiting for the vacancy advertisements and the moment

By: Sarkariexam l Business > Careers Employment l December 30, 2012 lViews: 690

In recent times, jobs in healthcare segments have grown tremendously. It is anticipated that this growth curve will continue for the times to come. Various factors are responsible for this

By: Sarkariexam l Business > Career Advice l December 27, 2012 lViews: 449

Are you in a dilemma whether to choose web based CRM or not? If yes, don’t worry. You aren’t the sole person having this doubt.There are numerous firms trying to make out whether investing in a

By: Reneta Vasileva l Business > Customer Service l December 23, 2012 lViews: 409

If you think about it you will realize the fact that each business has its own set of risks that are involved in it.The trade secrets that you have and the information related to the business is what

By: brumbrum1 l Business > Risk Management l December 23, 2012 lViews: 263

As the time is changing, concierge management services are now growing despite the slowing economies of the world. The main reason of it is the need that is highly specific to the people who like to

By: willsmith10 l Business > Management l December 23, 2012 lViews: 334

Almost all modern businesses hold, share and access potentially sensitive information on a regular basis. But how many have truly effective information security controls?

By: Lee Hezzlewoodl Business > Securityl June 26, 2012 lViews: 185

Businesses are recognising the importance of the information they manage, and more companies than ever deal with sensitive information on a regular basis. So whether you are a one-man-band or a

By: Lee Hezzlewoodl Business > Securityl June 26, 2012 lViews: 215

Information security and data protection is important to small and medium businesses, but many don't understand the threats and risks. Here we outline some of the primary issues and attempt to show

By: Lee Hezzlewoodl Business > Securityl June 23, 2012 lViews: 174

Too many organisations, particularly in the small-medium category, seem to think information security is about IT and technology. But information security isn't just about IT and businesses need to

By: Lee Hezzlewoodl Business > Securityl June 23, 2012 lViews: 184

Fire resistant doors are very popular for being fully safe and are able to control fire to a great extent. Not just any manufacturer can make these doors and one has to pass the competency test in

By: Alicia Tanl Business > Securityl June 22, 2012 lViews: 206

One type of professional is important for lock installation, lock changes, key making and, frankly, lock opening. Most people don't even think of a locksmith until they lock themselves out of

By: Antoinette Ayanal Business > Securityl June 22, 2012 lViews: 205

Almost all modern businesses hold, share and access potentially sensitive information on a regular basis. But how many have truly effective information security controls?

By: Lee Hezzlewoodl Business > Securityl June 26, 2012 lViews: 185

Businesses are recognising the importance of the information they manage, and more companies than ever deal with sensitive information on a regular basis. So whether you are a one-man-band or a

By: Lee Hezzlewoodl Business > Securityl June 26, 2012 lViews: 215

Information security and data protection is important to small and medium businesses, but many don't understand the threats and risks. Here we outline some of the primary issues and attempt to show

By: Lee Hezzlewoodl Business > Securityl June 23, 2012 lViews: 174

Too many organisations, particularly in the small-medium category, seem to think information security is about IT and technology. But information security isn't just about IT and businesses need to

By: Lee Hezzlewoodl Business > Securityl June 23, 2012 lViews: 184

Location-based services are increasing in popularity all the time. But are we opening ourselves up to a world of pain and potential abuse through the use of such services?

By: Lee Hezzlewoodl Internet Businesses > Securityl June 23, 2012 lViews: 167

Organisations with an online presence need to consider the security of their websites as well as it's look and feel, functionality and usefulness as a marketing tool. Otherwise there could be serious

By: Lee Hezzlewoodl Internet Businesses > Securityl June 23, 2012 lViews: 179

Discuss this Article

comments powered by Disqus