The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick
• Several different methods used by attackers to convince even alert, suspicious employees to reveal their computer usernames and passwords.
• How an Operations Center manager cooperated in allowing an attacker to steal his company’s most secret product information.
• The methods of an attacker who deceived a lady into downloading software that spies on every keystroke she makes and emails the details to him.
• How private investigators get information about your company, and about you personally, that I can practically guarantee will send a chill up your spine.
You might think as you read some of the stories in Parts 2 and 3 that they’re not possible, that no one could really succeed in getting away with the lies, dirty tricks, and schemes described in these pages. The reality is that in every case, these stories depict events that can and do happen; many of them are happening every day somewhere on the planet, maybe even to your business as you read this book.
The material in this book will be a real eye-opener when it comes to protecting your business, but also personally deflecting the advances of a social engineer to protect the integrity of information in your private life.
In Part 4 of this book I switch gears. My goal here is to help you create the necessary business policies and awareness training to minimize the chances of your employees ever being duped by a social engineer. Understanding the strategies, methods, and tactics of the social engineer will help prepare you to deploy reasonable controls to safeguard your IT assets, without undermining your company’s productivity.
In short, I’ve written this book to raise your awareness about the serious threat posed by social engineering, and to help you make sure that your company and its employees are less likely to be exploited in this way.
Or perhaps I should say, far less likely to be exploited ever again.
Part 2
The Art of the Attacker
Chapter 2
When Innocuous Information Isn’t
What do most people think is the real threat from social engineers? What should you do to be on your guard?
If the goal is to capture some highly valuable prize—say, a vital component of the company’s intellectual capital—then perhaps what’s needed is, figuratively, just a stronger vault and more heavily armed guards. Right?
But in reality penetrating a company’s security often starts with the bad guy obtaining some piece of information or some document that seems so innocent, so everyday and unimportant, that most people in the organization wouldn’t see any reason why the item should be protected and restricted.
THE HIDDEN VALUE OF INFORMATION
Much of the seemingly innocuous information in a company’s possession is prized by a social engineering attacker because it can play a vital role in his effort to dress himself in a cloak of believability.
Throughout these pages, I’m going to show you how social engineers do what they do by letting you “witness” the attacks for yourself—sometimes presenting the action from the viewpoint of the people being victimized, allowing you to put yourself in their shoes and gauge how you yourself (or maybe one of your employees or coworkers) might have responded. In many cases you’ll also experience the same events from the perspective of the social engineer.
The first story looks at a vulnerability in the financial industry.
CREDITCHEX
For a long time, the British put up with a very stuffy banking system. As an ordinary, upstanding citizen, you couldn’t walk in off the street and open a bank account. No, the bank wouldn’t consider accepting you as a customer unless some person already well established as a customer provided you with a letter of recommendation.
Quite a difference, of course, in the seemingly egalitarian banking world of today. And our modern ease of doing business is nowhere more in evidence than in friendly, democratic America, where almost anyone can walk into a bank and easily open a checking account, right? Well, not exactly. The truth is that banks understandably have a natural