What's New!

Chat with

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 


Meet the 
Happy Hacksters 

Help for 



It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

Everything You Wanted to Know about Social Engineering -- But Were Afraid to Ask...

Social Engineering Critical Corporate Information

Yes, that person claiming to be a Cisco engineer might know an awful lot about who works for whom and what equipment your company has. If you think that means he or she must be authorized to be given the executive password or allowed to enter the room where you keep your routers - think twice.

Ira Winkler, in his book "Corporate Espionage" tells how he has vacuumed up an amazing amount of information during his penetration tests. He would "pretend to be the assistant to a high level executive who personally wanted to welcome new employees to the company. My boss was extremely upset , I would claim, because the list of new hires was overdue."

With the new hires list in hand, he would contact people who were so new that they were unlikely to be able to detect an impostor. "I used the security briefing ruse, because people are usually intimidated by any contact dealing with security and they usually provide all requested information without challenge."

Some computer criminals are even more blatant than Winkler. In one case, a cracker simply walked into a building and posted a note on a bulletin board advising people to call his home phone number for technical support.

More on social engineering --->

Back to the index of "Everything You Wanted to Know About Social Engineering -- But Were Afraid to Ask --->

Carolyn's most
popular book,
in 4th edition now!
For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Visit this group

 © 2013 Happy Hacker All rights reserved.