In light of recent social engineering attempts against one of our customers and the recent GoDaddy security issue, I wanted to provide you with an overview of what social engineering is, highlight some data security policies organizations should have in place, and list some of the most common types of attacks employees can face as this becomes an increasingly popular hacking tactic.
Social engineering is the art of manipulating people into giving up confidential information or performing certain actions. It is often considered a form of low-tech hacking because it doesn’t matter how secure your network is when Fran in accounting tells an attacker the passwords to log into your QuickBooks server.
One of the primary forms of social engineering you or your hosting provider may encounter is an attempt to gain access to data or information about the environment. These attempts can come from many directions, whether through a phone call, an email, or a live chat program. The most important thing to remember in these situations is to avoid providing information until you have verified who has contacted you, and it is especially important to avoid giving them additional information that they could use in later phishing attempts. To verify a requester’s identity, you can provide each user with a unique passphrase, have them submit a ticket in an internal portal, or contact the account holder with the requester’s name.
In some cases the caller may become irritated during these interactions because of the measures being taken, but this could be part of the act: a social engineering attempt relies on a plausible call and also takes into account the effects that an emotional response can produce. Don’t let your desire to get an angry caller off the line be the cause of a compromise.
The key takeaway from all of this is “Trust, but verify.”
Want to find out more about social engineering or data security? Contact us at firstname.lastname@example.org.
Here is an example of a social engineering attempt. It was a good try, but we weren’t buyin’ it (some info has been removed for security reasons):
Connectria Support: Hello, how can I help you today?
Customer: hello, do you speak english?
Connectria Support: yes
Customer: sorry, Portuguese*
Connectria Support: sorry not Portuguese
Customer: ok I’ll use the google translator
Customer: I’m having trouble accessing my account
Connectria Support: Sure
Customer: [customer portal URL]
Connectria Support: what’s your company name?
Customer: I’m using my e-mail (XXXXXXXXX) but getting an error
Connectria Support: thanks. Let me check for you.
Customer: Okay thanks
Customer: sorry but I have another question, you guys work with colocation? I intend to purchase some.
Connectria Support: have you tried resetting your password?
Customer: yes but no email is coming here
Connectria Support: the other option would be to give us a call so we can verify you are authorized to access the account [support number]
Customer: I did not understand, I should call this number?
Connectria Support: if you call us at this number we will be able to reset the password for you
Connectria Support: can you try that?
Customer: yes one moment
Connectria Support: sure, no problem. If you have any trouble with that you can also email your account manager, XXXX XXXXXX at XXXXXX@connectria.com and he should be able to assist as well
Customer: this saying that the number does not exist, I’m in Brazil. I think I’m dialing wrong, just type these numbers even?
Connectria Support: you will need to dial your exit code- 1-314-XXX-XXXX
Connectria Support: I believe this should be one of the exit codes you need: 0014 – Brasil Telecom
Customer: Sorry, I could call, but unfortunately I do not speak English, this is a problem. :/
Connectria Support: Ok, no problem. Let me check what else we can do
Connectria Support: If another member of your team is able to login I suggest they put in a ticket. If not, I will have an account manager try to call you and resolve this issue
Connectria Support: I apologize for your inconvenience
Customer: You may not attempt to reset the password for me?
Connectria Support: For security reasons, we cannot reset the password over chat
Customer: But you could try to send to my email, can you not?
Connectria Support: Sorry I cannot do that. Can someone else on your team submit a ticket for you?
Customer: But no member could even here in this moment. I need to solve a problem on my server urgently ..
Customer: Sorry if I’m sending incorrect phrases, is that I’m using the google translator.
Connectria Support: if you call the number I provided you and give the account manager your support password they will be able to help you
Customer: Do you have someone there who speaks Portuguese by phone?
Connectria Support: we just need to confirm your identity
Connectria Support: Unfortunately not
Customer: yes I understand
Customer: may I use google traduro for this? Lol
Connectria Support: sure, we can try it
Customer: ok what would be the same number?
Connectria Support: yes
Customer: we do the following, I just need to upgrade some software on the server because of some incompatibilities and to upload a file. Could you do this for me or is not possible?
Connectria Support: sorry we need proper authorization to make changes to the account
Customer: Ok then, what should I talk on the phone?
Connectria Support: if it’s an absolute emergency try calling someone on your team who can submit a ticket
Connectria Support: You will need to say your company name, your passphrase, and that you need to reset your password. They will be able to help you from there
Customer: Ok I’ll do that, anything I return the chat here ok?
Connectria Support: I will stay here
Customer: Ok bye then, thanks for the information.