Wednesday, July 6, 2011

When Innocuous Information Isn't

Posted by OurTech Team | Wednesday, July 6, 2011





What do most people think is the real threat from social engineers? What should
you do to be on your guard?
If the goal is to capture some highly valuable prize--say, a vital component of the
company's intellectual capital--then perhaps what's needed is, figuratively, just a
stronger vault and more heavily armed guards. Right?
But in reality penetrating a company's security often starts with the bad guy
obtaining some piece of information or some document that seems so innocent,
so everyday and unimportant, that most people in the organization wouldn't see
any reason why the item should be protected and restricted.






HIDDEN VALUE OF INFORMATION
Much of the seemingly innocuous information in a company's possession is prized
by a social engineering attacker because it can play a vital role in his effort to
dress himself in a cloak of believability.
Throughout these pages, I'm going to show you how social engineers do what
they do by letting you "witness" the attacks for yourself--sometimes presenting
the action from the viewpoint of the people being victimized, allowing you to put
yourself in their shoes and gauge how you yourself (or maybe one of your
employees or co-workers) might have responded. In many cases you'll also
experience the same events from the perspective of the social engineer.
The first story looks at a vulnerability in the financial industry.

CREDITCHEX
For a long time, the British put up with a very stuffy banking system. As an
ordinary, upstanding citizen, you couldn't walk in off the street and open a bank
account. No, the bank wouldn't consider accepting you as a customer unless some
person already well established as a customer provided you with a letter of
recommendation.
Quite a difference, of course, in the seemingly egalitarian banking world of
today. And our modern ease of doing business is nowhere more in evidence than
in friendly, democratic America, where almost anyone can walk into a bank and
easily open a checking account, right? Well, not exactly. The truth is that banks
understandably have a natural reluctance to open an account for somebody who
just might have a history of writing bad checks--that would be about as welcome
as a rap sheet of bank robbery or embezzlement charges. So it's standard practice
at many banks to get a quick thumbs-up or thumbs-down on a prospective new
customer.
One of the major companies that banks contract with for this information is an
outfit we'll call CreditChex. They provide a valuable service to their clients, but
like many companies, can also unknowingly provide a handy service to knowing
social engineers.