Monday, October 8, 2007

Chapter 3

Does anyone use caller ID these days? At this point in the book it seems to me that companies should invest in a caller ID system so their employees can see where a person is calling from. If a company had caller ID, one of these social engineering scams might go something like this:

[con artist] “Hi, this is Ted from billing, my computer crashed and I need to know client X’s social security number.”

[honest employee] “Well Ted, my caller ID shows that you are calling from a pay phone.”

[con artist] “Ugggghh… that’s because my phone went down and I…”

[honest employee] “Have a nice day.”

With caller ID, an employee would be able to see where a caller is calling from and can easily determine a fake. Managers could tell their employees to only disclose information to those calling from an office line or a line from another branch location.

This chapter further illustrated how con artists take advantage of employees’ helpfulness. Makes you wonder if a corporate attitude of selfishness and unhelpfulness would be a wise choice these days? After reading these stories it seems like CEOs and managers have no choice but to put their employees on a zero information policy unless some technology (caller ID) can be used to verify identities of callers. I have often been frustrated in the past when calling companies, and they have told me “we cannot give that information over the phone”; however, I now know why.

Chapter 2

This chapter was interesting because it showed how information can be viewed as pieces to a puzzle. Pieces of information that may seem harmless by themselves can become significant when paired with other pieces of information. This really got me to think about all of the “useless” information that I give out on a daily basis (phone numbers, e-mail, address, etc.). To the right person all of this information can be compiled to do some harm to myself or the company that I work for. Another act that I have been guilty of in the past is trying to help fellow co-workers in the office. The office environment breeds teamwork and an “us vs. them” type of attitude. For example, when I worked in a restaurant one summer, we would go out of our way to help fellow waiters who were busy and struggling. This type of behavior is only natural and this chapter showed how it can be taken advantage of.

The examples in this chapter showed how impostors who knew some very basic office “lingo” were able to get restricted information from employees who were wishing to help them out. The main point that I took home was that as a manager you have to appreciate teamwork amongst employees, but you also have to educate them on how people might not always be who they seem over the phone.

Chapter 1

I would like to take this time to thank everyone for reading my blog. I’m sure that you all are here because you are genuinely interested in my thoughts on the book, and not because you are required to read this. Now that the introduction is out of the way, we can move on to my thoughts from the first chapter. I really enjoyed reading this chapter and it definitely got me excited for the rest of the book. The example about the Swiss bank account got me to thinking how easy it can be to trick some people. I fully expected this book to be about internet hacking and was surprised to read about the “social engineering” aspect behind these crimes.

Mitnick made a good point by saying that a security system is only as effective as the people running it. It was interesting to see that you can get around a state-of-the-art security system by just tricking one person. You don’t need a PhD in computer science or years of hacking experience to pull off a big scam, just some good acting. Reading this book makes pulling off these scams sound so easy that it is pretty tempting. However, I assume that if every detail of the scam is written about in this book, that the person behind it must have gotten caught. After reading the first chapter I will definitely be more suspicious of those around me!