Some thoughts on social engineering
I’m reading “The Art of Deception” by Kevin Mitnick. It is interesting to read how it is so easy to get people to trust you and give information that would normally be held confidential. It makes me think that I should be much more careful about verifying the identity of who is calling or emailing me. Normally I’m careful, but it takes being vigilant and on guard at all times!
My most recent brush with social engineering was when I got the “Heather from Card Services” scam. I didn’t give out information, but I can see how these guys do it. They began by asking me a series of innocent questions, then proceeded to ask things like “what is your 16-digit card # and expiration”. I immediately suspected something was up, because a real credit card company has never asked me for my expiration over the phone when I call them. What made me even talk to them as much as I did was that they said they were from “Card Services”, and one of my cards lists itself online and in statements as “Card Services, FIA” or something to that effect.
So the lesson learned, and the one that Kevin is trying to teach us, is that it can be very easy to “mark” a target and go after information. Especially when multiple calls are made and a little information is obtained each time, it can add up to being enough to steal an identity, break into a computer system, or something worse. That is why he wrote the book: to show the rest of us how to analyze how we and our companies interact with people (especially those who call on the phone), and to limit the amount of information that is given out until identity is verified.
Please keep a watchful eye on what you and your employees do, as you never know who could be trying to do some hacking or “private investigation”.