Writing, publishing, geekdom, and errata.

Social Engineering - It can happen to you!

No comments
Someone just tried to phish security information via social engineering at work.

The caller said: "I'm from the Upper Valley Installation Center and we're trying to install Allscripts down there to C:\windows\something[I don't remember] and we are having some trouble getting it to work and I was wondering if you could help me out?"

Which doesn't make sense, since 

1) We don't use Allscripts (though that's a real program), 
2) Nobody from that location would be installing software here, let alone remotely, and 
3) Our IT people would be handling it.

I tried to transfer them to security, but we couldn't get it to transfer. 

So I ended up saying "I think the problem is that you want to install a Windows program on our Linux machines". The female caller hung up quickly.

I don't know what they were trying to obtain, but there's enough examples of identity theft and security breaches for me to take it seriously.

Most information security breaches actually happen through this kind of social engineering.  Read up and make sure you're aware of the possibility:


No comments :