I really enjoyed reading this chapter. The first thing that stood out to me was that it didn’t make sense that the company that stored the files for the pharmaceutical company in the first example did not have an alarm. In the example the private investigator gained access to the building where the files were kept simply by picking a lock. It seems to me that a company that specializes in storing valuable content (evidenced by the password system they have in place to retrieve files) should have an alarm system. The second useless fact that stood out to me was the fact that the con man in the second example supposedly only spent $150 on taking several employees of the robotics company to lunch at the “best restaurant in town.” Not only did they eat lunch, but he paid for drinks too! I think the real con is how he got away with only spending $150.
This chapter showed some more aspects and techniques of social engineering. I really feel that it takes more skill to pull something off like in the second example (the lunch). With the phone scams, the social engineer can always hang up if someone catches on. When you are physically in someone else’s office, the situation is not as easy to back out of. I guess the lesson learned here is if a well-dressed, handsome man shows up unannounced and tries to wine and dine you, you better think twice.
2 comments:
Ha, that $150 situation hadn't occurred to me. That is true. Maybe a lot of the details on these cons are merely estimates. Maybe we are being conned into believing that these cons happened...uh oh...
You know, I didn't even think about the alarm aspect, but you're right. Why would a firm choose a company to store sensitive information, first without having it encrypted, and then without even having a building alarm? They might as well have kept it in their grandma's basement; it would have been safer.
And that's a good point about the $150 lunch. There's no way, especially including drinks and tips. Something fishy there.