Between June 2015 to February 2016, a 15-year-old was able to break into the private email accounts of the Director of the CIA and the US Director of National Intelligence. He was able to do this via phone by posing as a Verizon employee in order to trick the company into sharing personal information about his victims, resetting passwords, and changing security questions.
This technique provided access to the CIA Director’s emails, contacts, iCloud storage, and his wife’s iPad, as well as plans for intelligence operations in Afghanistan and Iran. He also targeted other victims in the Department of Homeland Security, FBI, White House, and the US Department of Justice.
While this may be an extreme example of a successful social engineering attack, it highlights the fact that anyone and everyone is at risk of falling prey to strategic deception methods.
In this episode of the InSecurity Podcast, host Matt Stephenson is joined by special guest Jenny Radcliffe, Head of Training and Consultancy at JennyRadcliffe.com, who explains how adversaries using psychological methods can be a huge threat to organizations, and how understanding the methodologies employed are a valuable tool for security professionals for defending against social engineering attacks, scams, and cons of all kinds.
About Jenny Radcliffe
Jenny Radcliffe (@Jenny_Radcliffe) – AKA “The People Hacker” – is an expert in social engineering (the human element of security), negotiations, non-verbal communication, and deception. She uses her skills to help clients from corporations and law enforcement to poker players, politicians, and the security industry to protect themselves from malicious social engineering attacks. She is also the host of The Human Factor Podcast.
Using a blend of anecdotes, science and humor, Radcliffe is an exceptional and highly impactful speaker. A regular keynote at major security events (Infosec, Rant, DISA, (Read more...)
This is a Security Bloggers Network syndicated blog post authored by Cylance Blog. Read the original post at: Cylance Blog