Wednesday, 30 November 2011

Trouble In Paradise?

Impersonating a huge corporation, or induc-ing people to mail you their passwords under false pretenses, can get you into big trouble. The Post Office considers such activity postal fraud, even if you're just doing it for laughs. These ideas are provided to stimulate your imagina-tion - not to encourage you to do anything illegal.
Before you go and do something stupid, you might want to read Chapter Fourteen.

When you social engineer there are many factors that inhibit the person you speak with from giving out security data. Consider, when you social engineer someone, that person
• may have been warned about security leaks
• may be knowledgeable about social engi-neering tactics
• can not verify your claimed identity
• might know you are not who you claim to be
• has no reason to assist you, and can give you wrong or misleading information
• can report your call to a security manager.

For all these reasons, a person you try to social engineer may not want to or may not be able to tell you passwords and other information that you request.

Considering the above list, would you divulge confidential information to someone asking you for it over the telephone?
That's the problem.
The solution?
See you in the next chapter!