There were some disturbing results from a capture-the-flag-style contest held at this summer's DefCon security conference. The CTF exercise—called "How Strong Is Your Schmooze?"—was an attempt to raise awareness about social engineering, or human manipulation in order to commit a crime. It challenged contestants to obtain (in an ethical and legal way) information about target companies that could be used for a hypothetical attack.
Contestants made 140 phone calls to employees at target companies seeking information. Almost all gave the callers the information they were looking for; only five employees did not. And 90 percent of targeted employees opened up a URL sent to them by contestants—even though they really didn't know the person who had sent it. The numbers reveal social engineering is a huge problem for all organizations, said Chris Hadnagy, who organized the contest.