Re: Steps to avoid Social Engineering

[Micheal Espinola Jr <michealespinola () gmail com>]

a phreaker would have those bases covered.

On 4/18/05, Cd Pirate <cdpirate () gmail com> wrote:
> One thing you could do is take down their details, and call back the
> comany and ask to be connected to that person.
>
> This way, you can be sure that the person is actually working in the
> company, and is in the building.
>
> ~CdPirate
> http://www.hackersfoundation.org/
>
> On 4/18/05, Tabs The Cat <tabsthecat () gmail com> wrote:
> > Hello y'all,
> >
> >      I have a question for you guys (and gals). We all know about social
> > engineering. Some of us use it on a daily basis. And we all know how
> > it can be even more dangerous than any computerized attacks, but how
> > can we protect against it?
> >
> >      I'll give you an example: we have a database based program that
> > was written by and maintained by a third party that is in another
> > city. In the past when they needed access for maintenance, we would
> > provide them it via VPN. Recently there has been a problem so they
> > were contacted. Earlier today someone from that company phoned me to
> > discuss details about the VPN. I haven't given them any information
> > yet. In this case I am fairly positive it is legit since they knew the
> > company that we use as well as who lodged the complaint.
> >
> >      But how could I get this person (or any one in the future) prove
> > to me that they are the people who are they say they are? Any advice?
> >
> > Tabs



-- 
ME2

my home: <http://www.santeriasys.net/>
my photos: <http://mespinola.blogspot.com/>