RE: Steps to avoid Social Engineering

From: Matt Cunnane (matt.cunnane_at_gmail.com)
Date: 04/19/05

  • Next message: John Blackley: "Re: User account auditing"
    To: <security-basics@securityfocus.com>
    Date: Tue, 19 Apr 2005 19:27:41 +0100
    
    

    As a start, I'd recommend calling them back via the company's main
    switchboard number. This isn't foolproof, but provides a quick and easy
    test to weed out less sophisticated attackers.

    Matt

    -----Original Message-----
    From: Tabs The Cat [mailto:tabsthecat@gmail.com]
    Sent: 18 April 2005 19:39
    To: security-basics@securityfocus.com
    Subject: Steps to avoid Social Engineering

    Hello y'all,

         I have a question for you guys (and gals). We all know about social
    engineering. Some of us use it on a daily basis. And we all know how
    it can be even more dangerous than any computerized attacks, but how
    can we protect against it?

         I'll give you an example: we have a database-based program that
    was written by and maintained by a third party that is in another
    city. In the past when they needed access for maintenance, we would
    provide it to them via VPN. Recently there has been a problem so they
    were contacted. Earlier today someone from that company phoned me to
    discuss details about the VPN. I haven't given them any information
    yet. In this case I am fairly positive it is legit since they knew the
    company that we use as well as who lodged the complaint.

         But how could I get this person (or anyone in the future) to prove
    to me that they are the people who they say they are? Any advice?

    Tabs

