Posts Tagged ‘social engineering’

More Phone Scams For the General Public

Thursday, March 20th, 2014

It seems that right now phone scam season is going strong!  Last week I posted about some common scams targeting businesses. Those same scams are also targeting the general public, so please be on the lookout for them. In addition to those, here are some others that seem to be targeting primarily individuals and the general public. (more…)

Phone Scam Open Season – Business Risks

Friday, March 14th, 2014

It seems that right now phone scam season is going strong!  I got 2 calls last week from scammers. I got another scammer call during a meeting last night. Two of my LinkedIn contacts got calls in the past week that they asked me about. A local newspaper columnist got a call from a scammer. As folks are becoming more aware of phishing attempts via email and other types of malware, they are also becoming more lax about spotting phone scams, often stating the belief that most crooks are using online phishing scams instead of any other type of rip-off. (more…)

Cybercriminals Just Came A Callin’ At My House

Friday, July 8th, 2011

I just got off a 30-minute call that came unsolicited from a young-sounding man with a very thick Indian accent who, when I asked him his name, said it was Jason Anderson (doesn’t sound like an authentic name of someone from India).  He told me he was calling me because there had been a lot of complaints in my area about malicious code damaging operating system software and he wanted to be sure my operating system was not impacted. (more…)

Crooks Don’t Need to Steal SSNs If They Can Create Valid SSNs Themselves

Friday, July 10th, 2009

I’ve had some very interesting discussions about the CMU SSN study throughout the week, and, before moving on to other topics next week, I wanted to wrap up the week and discussion with some final thoughts on the CMU SSN topic..


Implications Of The CMU SSN Study: What Business Leaders Need To Understand

Wednesday, July 8th, 2009

Following the release of the CMU SNN report on Monday, I’ve had some very interesting discussions with privacy and information security folks, and I’ve been pretty amazed at some of the reactions to the study.
I also posted about this to one of the GRC mailing lists I participate in, and I got some questions asking me for my thoughts about some specific issues. I wanted to share those thoughts here as well…


Missouri Dept of Revenue Sued (Under DPPA) For Releasing PII That Was Posted for Sale on the Internet

Monday, August 11th, 2008

It used to be very common for various state and local government agencies, such as the Department of Motor Vehicles, to sell their records, containing vasts amounts of personally identifiable information (PII), as a revenue stream. That changed when Rebecca Schaeffer’s stalker killed her in 1989 after paying $250 to get her address, and other PII on file, from the California Department of Motor Vehicles.
After this horrible, tragic demonstration of how very bad things can happen when people have full reign to get access to PII, states started enacting drivers protection acts to keep the PII the agencies had on file from being accessed in such egregiously irresponsible ways. Finally, a U.S. federal law, the Drivers Privacy Protection Act (DPPA) was enacted to help protect the PII in drivers’ records.
So, I found the following inappropriate release from a state agency to be very interesting…


Social Engineering Suckers Security Sages

Friday, August 8th, 2008

Yesterday at Black Hat a couple of the presenters, Shawn Moyer and Nathan Hamiel, reportedly discussed their experiment that revealed how easily they got some prominent Chief Information Security Officers (CISOs) to fall for a social engineering scam played out using social networking sites.
Here’s a short excerpt…


Social Engineering, Ethics, and Why You Should Never Put Anything Online That You Don’t Want Others To See

Thursday, August 7th, 2008

Okay, now here’s an example of how people will take information you’ve given them, under false pretenses, just because they can, and post it for the world to see, with no regrets about how it hurts other people.


Social Engineering Rescues Long-Time Hostages

Saturday, July 5th, 2008

Yesterday it was widely reported that 15 hostages held by Colombia’s Marxist guerrillas for as long as 6 years were freed after some very brave and daring commandos posed as being part of the guerrilla group.
The news reports described it as a stunning rescue, and it definitely was that; quite stunning!
As we watched the numerous news reports about it, I spoke with my boys about the tactics they used to get the hostages freed.
Recently I’ve been creating social engineering training content along with a social engineering awareness assessment tool, and something I found remarkable about the rescue was how it used social engineering to its full affect to rescue the hostages.
Some of the tactics in this situation included:


Social Engineering Schemes Increase: Great Case Study From An Actual Event

Tuesday, January 22nd, 2008

Last month I finished the second issue of my Protecting Information publication and the topic couldn’t be more timely: social engineering.
Just today I have already read in my daily news items 5 articles about social engineering! One in particular, “CUNA Mutual Warns on Costly HELOC Scam,” provides not only a great example of a current social engineering scam, but it would also make a great case study for social engineering training and within your awareness communications and activities. Here’s a quick overview…