Awareness
9 Dirty Tricks: Social Engineers' Favorite Pick-Up Lines
Congrats on your inheritance! Okay, you knew that one's the start of a scam. Here are other come-ons you'll encounter when criminals come knocking
By Joan Goodchild, Senior Editor
Well, cookies can't hurt either. Nickerson said he always brings cookies when he is trying to gain the trust of an office staff. In fact, a 2007 diamond heist at the ABN Amro Bank in Antwerp, Belgium involved an elderly man who offered the female staff chocolates and eventually gained their trust with regular visits while he pretended to be a successful businessman.
"It was just plain old chocolate," said Nickerson. "Sweets loosen everybody up."
Ultimately the bank lost 120,000 carats of diamonds because the man was able to gain enough trust to be given off-hours access to the bank's vault.
"Can you hold the door for me? I don't have my key/access card on me."
In the same exercise where Nickerson used his shirt to get into a building, he had a team member wait outside near the smoking area where employees often went for breaks. Assuming his team member was simply a fellow-office-smoking mate, employees let him in the back door with out question.
This kind of thing goes on all the time, according to Nickerson. The tactic is also known as tailgating. Many people just don't ask others to prove they have permission to be there. But even in places where badges or other proof is required to roam the halls, fakery is easy, he said.
"I usually use some high-end photography to print up badges to really look like I am supposed to be in that environment. But they often don't even get checked. I've even worn a badge that said right on it 'Kick me out' and I still was not questioned."
Phishing lures
"You have not paid for the item you recently won on eBay. Please click here to pay."
"We see emails impersonating complaints from eBay for non-payment of winning bids," said Shira Rubinoff, founder of Green Armor Solutions, a security software firm in Hackensack, New Jersey. "Many people use eBay, and users often bid days before a purchase is complete. So, it's not unreasonable for a person to think that he or she has forgotten about a bid they made a week prior."
Rubinoff, who was once targeted and almost fell prey to a phishing attack, was inspired to found Green Armor after the incident. She said this kind of ploy plays to a person's concerns about negative impact on their eBay score.
"Since people spend years building eBay feedback score or "reputation," people react quickly to this type of email. But, of course, it leads to a phishing site."
Social engineering
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
