Security Basics mailing list archives
Re: Steps to avoid Social Engineering
From: Raoul Armfield <armfield () amnh org>
Date: Tue, 19 Apr 2005 15:58:34 -0400
Tabs The Cat wrote:
Hello y'all, I have a question for you guys (and gals). We all know about social engineering. Some of us use it on a daily basis. And we all know how it can be even more dangerous than any computerized attacks, but how can we protect against it? I'll give you an example: we have a database based program that was written by and maintained by a third party that is in another city. In the past when they needed access for maintenance, we would provide them it via VPN. Recently there has been a problem so they were contacted. Earlier today someone from that company phoned me to discuss details about the VPN. I haven't given them any information yet. In this case I am fairly positive it is legit since they knew the company that we use as well as who lodged the complaint. But how could I get this person (or any one in the future) prove to me that they are the people who are they say they are? Any advice? Tabs
I am a security newbie so take this with a grain of salt.How about if you agree, in advance, on an (list of) email address(es) you can send something to. Then when they call send a message to that email address and have them read off a keyword. The reason I suggest doing it in advance is that the person you speak with may give you a fake address rendering this method useless.
-- Raoul Armfield Support Specialist IT-Call Center armfield at amnh dot org American Museum of Natural History Central Park West at 79th Street New York, New York 10024-5192 (212) 313-7258 5152 1277 A04B 04C2 BBE4 3EE8 8369 3541 8B93 42DA
Current thread:
- Re: Steps to avoid Social Engineering, (continued)
- Re: Steps to avoid Social Engineering Dave Peters (Apr 21)
- RE: Steps to avoid Social Engineering J B (Apr 19)
- Re: Steps to avoid Social Engineering T. Shannon Gilvary (Apr 19)
- Re: Steps to avoid Social Engineering David Roman Esteban (Apr 19)
- RE: Steps to avoid Social Engineering David (Apr 19)
- Re: Steps to avoid Social Engineering Times Enemy (Apr 20)
- RE: Steps to avoid Social Engineering Aruna (Apr 19)
- RE: Steps to avoid Social Engineering Patoff Pat-EtHiQ (Apr 19)
- RE: Steps to avoid Social Engineering Yashodhan Deshpande (Apr 20)
- RE: Steps to avoid Social Engineering Matt Cunnane (Apr 19)
- Re: Steps to avoid Social Engineering Raoul Armfield (Apr 20)
- Re: Steps to avoid Social Engineering Alvaro Prieto (Apr 20)
- RE: Steps to avoid Social Engineering Reece, Terry (Apr 19)
- RE: Steps to avoid Social Engineering P. Rodriguez (Apr 19)
- Re: Steps to avoid Social Engineering John Pettitt (Apr 20)
- Re: Steps to avoid Social Engineering rusty chiles (Apr 20)
- RE: Steps to avoid Social Engineering Sanders, Jonathan (Apr 20)
- RE: Steps to avoid Social Engineering P. Rodriguez (Apr 20)
- Re: Steps to avoid Social Engineering John Pettitt (Apr 20)
- RE: Steps to avoid Social Engineering P. Rodriguez (Apr 20)
- RE: Steps to avoid Social Engineering Patoff Pat-EtHiQ (Apr 20)
- Re: Steps to avoid Social Engineering John Blackley (Apr 20)
(Thread continues...)