Wednesday, November 21, 2007

Chapter 8

This chapter showed me that there is no such thing as “going too far” for the social engineer. The example of impersonating a police officer was both shocking and scary. Another scary part of this chapter dealt with a stalker ex-girlfriend who found her ex-boyfriend’s unpublished telephone number. It blew my mind that she went through this whole scam just so she could call his house. The advice I have for her is, obviously he doesn’t want to be with you so leave him alone and stop being a stalker! With that Dr. Phil moment out of the way, I really thought the “name dropping” example was a great part of this chapter.

Most employees are so scared of losing their jobs that they will do anything to please their supervisor and not draw attention to themselves. By mentioning a supervisor’s name, most employees will be scared to upset that person. This reminds me of the Lion King when the hyenas would say the name “Mufasa” then shiver in fear. By dropping the name of a supervisor the employee feels compelled to give you what you want. It’s almost like by using the name, you are granted the authority of that person (funny how that works). What I learned from this example is that names should be ignored and the request should only be granted if it is right to do so. I’m sure that even if the boss did request the information, he/she would be proud that you tried to protect the company and refused to give out the information.

3 comments:

J-Hey! said...

It's kind of crazy how much information we give significant others, or even our friends. The damage that could be done if they wanted to turn on us is frightening. I'm good with numbers, so it's hard for me to forget when people tell me information (like social security numbers). Good thing I'm not a social engineer...
p.s. I loved the Lion King example.

s-shady said...

I second the love on the Lion King example. I haven't thought of that in years. As for that ex-girlfriend, he was an ass but ultimately seems better off without her. People who act like that, even after being rejected, are not someone you want to make a life with. Ok, as Eric said, the end of the Dr. Phil moment.

I agree that it should be policy to ignore name dropping and focus only on following security measures. Especially when you don't know the person making the request. Employees should be trained not to be swayed by dropping the name of a bigwig. If they aren't there in person or if it's not someone you know personally, hold the line.

jpthe1manparty said...

Fear is a huge factor guiding the actions of employees. It is scary to think that too many questions could cause an employee to get fired, but getting scammed by a social engineer could also lead to termination. It is almost as if we as future employees are in a catch-22.