RE: Steps to avoid Social Engineering

From: Matt Cunnane (matt.cunnane_at_gmail.com)
Date: 04/19/05

  • Next message: John Blackley: "Re: User account auditing"
    To: <security-basics@securityfocus.com>
    Date: Tue, 19 Apr 2005 19:27:41 +0100
    
    

    As a start, I'd recommend calling them back via the company's main
    switchboard number. This isn't foolproof, but provides a quick and easy
    test to weed out less sophisticated attackers.

    Matt

    -----Original Message-----
    From: Tabs The Cat [mailto:tabsthecat@gmail.com]
    Sent: 18 April 2005 19:39
    To: security-basics@securityfocus.com
    Subject: Steps to avoid Social Engineering

    Hello y'all,

         I have a question for you guys (and gals). We all know about social
    engineering. Some of us use it on a daily basis. And we all know how
    it can be even more dangerous than any computerized attacks, but how
    can we protect against it?

         I'll give you an example: we have a database based program that
    was written by and maintained by a third party that is in another
    city. In the past when they needed access for maintenance, we would
    provide them it via VPN. Recently there has been a problem so they
    were contacted. Earlier today someone from that company phoned me to
    discuss details about the VPN. I haven't given them any information
    yet. In this case I am fairly positive it is legit since they knew the
    company that we use as well as who lodged the complaint.

         But how could I get this person (or any one in the future) prove
    to me that they are the people who are they say they are? Any advice?

    Tabs


  • Next message: John Blackley: "Re: User account auditing"

    Relevant Pages

    • RE: Steps to avoid Social Engineering
      ... You can always use caller id, ... KAILANGAN NAMIN ANG INYONG TULONG upang ... Steps to avoid Social Engineering ... someone from that company phoned me to discuss details about the VPN. ...
      (Security-Basics)
    • RE: Steps to avoid Social Engineering
      ... Without a clear statement of how the environment operates, you will run into situations like this. ... I would think this one would fall specifically under a remote access policy. ... Steps to avoid Social Engineering ... discuss details about the VPN. ...
      (Security-Basics)
    • Steps to avoid Social Engineering
      ... engineering. ... Some of us use it on a daily basis. ... it can be even more dangerous than any computerized attacks, ... discuss details about the VPN. ...
      (Security-Basics)
    • RE: Steps to avoid Social Engineering
      ... Steps to avoid Social Engineering ... city. ... discuss details about the VPN. ...
      (Security-Basics)