emPower

Social Engineering Attacks Still Alive and Well

CNET News recently reported that the AT&T account of convicted hacker turned security consultant Kevin Mitnick had been breached for the second time.

Reportedly, the hacker(s) simply called a representative at an AT&T store in Idaho and asked them to do a password reset. They then posted Kevin’s personal details to the Internet.

Aside from the irony that the hacker(s) used simple social engineering techniques similar to those that resulted in Kevin’s conviction and 5-year prison term, it’s a reminder to all of us who work with security awareness training.

It’s far too easy to become engrossed in the technical aspects of security such as passwords, spyware and viruses, and neglect some of the non-technical aspects such as physical security and social engineering. If a hacker can find an unshredded document with network details in a dumpster, or can call the Help Desk and have them reset a password, many of your technological safeguards are immediately rendered useless.

Remember, it’s information security – not just computer security.
