Blog

Fool you once, fool you twice, fool you over and over and over…

Feb 15

2/15/2011 12:08 PM

If you’ve spent any time on our website, you know that some of our people are paid by companies to fool employees through social engineering audits.

No kidding. Our guys are paid to lie, cry, impersonate, and otherwise con unwitting employees into divulging sensitive company information. Then, we provide data, explain the danger zones, and offer suggestions and training that help plug the data-draining holes and protect the company from the threat of a social engineering attack.

Now, before you ask, “Why would anyone want to put their company through that?” consider the danger. 1 out of every 3 calls we make results in a compromised account, which means that employees in all industries are clearly 1) in danger and 2) unaware of the threat. And we are often hired over and over by companies—with increasing success.

Are we getting better? Maybe. More likely, employees are not protecting themselves with knowledge and policy.

Now, you are raising your awareness just by reading this. And there are other ways to protect yourself—and your company—from a social engineer. Consider these tips:

1) Don’t take it personally. Social engineers can use almost any piece of information to build or carry out an attack—and they may play on your emotions to get it. So remember: strictly following company policies in any emotionally charged situation may be your best defense.

2) Don’t get cocky. Social engineers are masters at preying on a target’s ego—and the person who is most sure of his or her security is often the easiest to “get.”

3) Be nice—but not too nice. In addition to being masters at ego-stroking, social engineers are professionals at getting pity. Again, be helpful and friendly—but always follow policy.

4) Know the policy. Maybe above all, be aware of your company’s policies, both in general and with regard to social engineering. They are there to help, not to hinder. And they may protect you from a hacker—or from one of us, posing as a distressed client, a weepy and frustrated employee, or a pleasantly confused older lady who just needs a little help with her online account.

I mean, you don’t want to be THAT guy, right? The low-hanging fruit? The guy that fell for it?

Read more about our social engineering audits, security awareness training, and awareness campaigns here: http://rocketready.com/FraudReady
