Scary Stories in IT Security – Social Engineering

I heard a good scary story about IT security recently that I thought was worth sharing.  A lot of times when people think of hackers, they imagine what they’ve seen on TV: some guy sitting in front of multiple monitors, frantically attacking his keyboard while lines of code keep streaming by.  Then after 30 seconds, he’s hacked the NSA.  That’s not reality.

The reality is that a good portion of breaches in IT security are caused by social engineering efforts.  A famous example was at a recent hackathon in Las Vegas.  A reporter bet one of the hackers that they couldn’t be hacked.  They decided that the hacker would have a specific target: the reporter’s cell phone account.

The hacker proceeded to make a phone call to the reporter’s cell phone company with a recording of a crying baby in the background.  She claimed to be the girlfriend of the reporter and needed to add herself to the account.  She acted frazzled with the crying baby.  The rep on the other end started to ask her security questions, but she sidestepped these with the crying baby noise and managed to get access to the account.  All because the rep wanted to help.  No password cracking, no lines of code.

Another example was a simple one I heard recently.  A company wanted to see how susceptible their staff was to social engineering.  They had a third-party security company email 100 users and offer a $50 Amazon gift card for filling out a brief survey.  The survey included ridiculous questions, like asking for the username and password to their computers.

They got 115 responses!  Users were trying to fill it out a second time to get another gift card, and forwarding it on to friends and colleagues.

Social engineering is a serious potential security threat that companies should be training their staff on.  i.t.NOW can help.  Don’t hesitate to reach out to us today and discuss your IT security needs.