Social engineering is something that weve all done, whether weve realised it or not.
When we were children its likely that we played one parent off against the other to get our own way, telling each that the other had said we could do something we couldnt like have another packet of crisps. Fast-forward a little bit and youll remember telling your teachers that your dog really did eat your homework. For most of us, it stopped there. But only most of us
I want to tell you two stories, both of which use social engineering but for two completely different reasons.
Getting a free dinner when being stood up
Im not one to turn down a free dinner, but I wouldnt go as far as Kyle Baldinger did to get one.
Long story short: Kyle saw a tweet that said If you go to dinner alone always ask for a table for two. Look sad as you eat and you almost always get a free dessert.
So, he thought hed give it a go, and live-tweeted what happened.
WARNING: THE IMAGE IS TOO LONG SO YOU SHOULD RIGHT CLICK AND SAY OPEN IN A NEW TAB THEN ZOOM IN.
If youd rather not read the whole thing, the short version is that Kyle bagged himself a free dinner after fooling a restaurant into believing he was stood up.
Walmart employee fired for stealing money keeps uniform and steals another $30,000 from three other Walmarts
Yeah, that happened.
A 17-year-old male from Oklahoma was fired from his job at Walmart for stealing money. Rather than considering himself lucky that he got away without being charged, he put his uniform back on and stole $30,000 from three other Walmarts by pretending to be a general manager from another store.
As he was in uniform and was wearing the companys name tag, no one doubted him. He claimed he was carrying out an inventory of the stores before an inspection after the holidays, but surveillance cameras caught footage of his real purpose: according to a police report, when the boy was alone in the cash room, he took several bundles of banknotes and stuffed them into his pockets.
Good people dont do bad things
Both stories are different in terms of motive and technique, but they both share common aspects confidence and plausibility.
If you dont seem like a bad guy, then most people will assume that youre not and this is a problem. If a man you didnt recognise was knocking on your locked office door holding a coffee cup in each hand, its very likely that youd let him in without checking his credentials dont pretend you wouldnt. Bringing coffee to an office isnt something bad people do, and thats what makes it the perfect cover.
The reason youd open the door for him is that the situation explains itself. Youd assume that he needed to be let in because his hands were full not because he didnt know the doors security code and that he must be meeting someone as he had two cups, not one.
It reminds me of a couple of lines from the movie Matchstick Men:
Lohman: You dont seem like a bad guy.
Cage: Thats what makes me good at it.
What can be done?
It isnt easy to protect your organisation from social engineering. Humans are naturally collaborative and tend to help others, which is why confidence tricks continue to work. Certain technological solutions can help rebuff attempts to take advantage of your staff, but the best solution is to train your staff to be more sceptical.
Social engineers will expect to be questioned and will have prepared answers, so its unlikely that your staff will be able to uncover anyone by asking questions other than Can you prove who you are and why youre here?
Sure, it may be awkward to challenge someone so directly, only to find out that theyre your senior, but theyll understand why theyre being asked.
//Quoted. Have a nice day
.
When we were children its likely that we played one parent off against the other to get our own way, telling each that the other had said we could do something we couldnt like have another packet of crisps. Fast-forward a little bit and youll remember telling your teachers that your dog really did eat your homework. For most of us, it stopped there. But only most of us
I want to tell you two stories, both of which use social engineering but for two completely different reasons.
Getting a free dinner when being stood up
Im not one to turn down a free dinner, but I wouldnt go as far as Kyle Baldinger did to get one.
Long story short: Kyle saw a tweet that said If you go to dinner alone always ask for a table for two. Look sad as you eat and you almost always get a free dessert.
So, he thought hed give it a go, and live-tweeted what happened.
WARNING: THE IMAGE IS TOO LONG SO YOU SHOULD RIGHT CLICK AND SAY OPEN IN A NEW TAB THEN ZOOM IN.
If youd rather not read the whole thing, the short version is that Kyle bagged himself a free dinner after fooling a restaurant into believing he was stood up.
Walmart employee fired for stealing money keeps uniform and steals another $30,000 from three other Walmarts
Yeah, that happened.
A 17-year-old male from Oklahoma was fired from his job at Walmart for stealing money. Rather than considering himself lucky that he got away without being charged, he put his uniform back on and stole $30,000 from three other Walmarts by pretending to be a general manager from another store.
As he was in uniform and was wearing the companys name tag, no one doubted him. He claimed he was carrying out an inventory of the stores before an inspection after the holidays, but surveillance cameras caught footage of his real purpose: according to a police report, when the boy was alone in the cash room, he took several bundles of banknotes and stuffed them into his pockets.
Good people dont do bad things
Both stories are different in terms of motive and technique, but they both share common aspects confidence and plausibility.
If you dont seem like a bad guy, then most people will assume that youre not and this is a problem. If a man you didnt recognise was knocking on your locked office door holding a coffee cup in each hand, its very likely that youd let him in without checking his credentials dont pretend you wouldnt. Bringing coffee to an office isnt something bad people do, and thats what makes it the perfect cover.
The reason youd open the door for him is that the situation explains itself. Youd assume that he needed to be let in because his hands were full not because he didnt know the doors security code and that he must be meeting someone as he had two cups, not one.
It reminds me of a couple of lines from the movie Matchstick Men:
Lohman: You dont seem like a bad guy.
Cage: Thats what makes me good at it.
What can be done?
It isnt easy to protect your organisation from social engineering. Humans are naturally collaborative and tend to help others, which is why confidence tricks continue to work. Certain technological solutions can help rebuff attempts to take advantage of your staff, but the best solution is to train your staff to be more sceptical.
Social engineers will expect to be questioned and will have prepared answers, so its unlikely that your staff will be able to uncover anyone by asking questions other than Can you prove who you are and why youre here?
Sure, it may be awkward to challenge someone so directly, only to find out that theyre your senior, but theyll understand why theyre being asked.
//Quoted. Have a nice day
.
Son düzenleme:
