RE: Steps to avoid Social Engineering

• Previous message: Patoff Pat-EtHiQ: "RE: Steps to avoid Social Engineering"
• In reply to: Tabs The Cat: "Steps to avoid Social Engineering"
• Next in thread: Raoul Armfield: "Re: Steps to avoid Social Engineering"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <security-basics@securityfocus.com>
Date: Tue, 19 Apr 2005 19:27:41 +0100

As a start, I'd recommend calling them back via the company's main
switchboard number. This isn't foolproof, but provides a quick and easy
test to weed out less sophisticated attackers.

Matt

-----Original Message-----
From: Tabs The Cat [mailto:tabsthecat@gmail.com]
Sent: 18 April 2005 19:39
To: security-basics@securityfocus.com
Subject: Steps to avoid Social Engineering

Hello y'all,

     I have a question for you guys (and gals). We all know about social
engineering. Some of us use it on a daily basis. And we all know how
it can be even more dangerous than any computerized attacks, but how
can we protect against it?

     I'll give you an example: we have a database based program that
was written by and maintained by a third party that is in another
city. In the past when they needed access for maintenance, we would
provide them it via VPN. Recently there has been a problem so they
were contacted. Earlier today someone from that company phoned me to
discuss details about the VPN. I haven't given them any information
yet. In this case I am fairly positive it is legit since they knew the
company that we use as well as who lodged the complaint.

     But how could I get this person (or any one in the future) prove
to me that they are the people who are they say they are? Any advice?

Tabs

• Previous message: Patoff Pat-EtHiQ: "RE: Steps to avoid Social Engineering"
• In reply to: Tabs The Cat: "Steps to avoid Social Engineering"
• Next in thread: Raoul Armfield: "Re: Steps to avoid Social Engineering"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]