Low-tech social engineering attacks

Introduction

Frank Abagnale is probably the most famous low-tech hacker since Son’ka the Golden Hand and the man who stole the Mona Lisa, Vincenzo Peruggia. Abagnale famously impersonated various professions, including a doctor and a pilot, to help facilitate his financial scams where he used false identities to forge checks and cash them in. Abagnale ended up being sentenced to 12 years in prison for fraud. He is now a regular at cybersecurity and regulatory compliance conferences.

Abagnale used social engineering to extract money, but his techniques were low-tech. However, the outcomes were much the same as the high-tech equivalents of today. Low-tech and social engineering are good bedfellows. In fact, many of the seemingly high-tech counterparts, like CEO fraud, will often have an element of low-tech at some point in the process.

Low-tech social engineering tricks often dovetail with their high-tech cousins to carry out a cyberattack. Here, we’ll look at a few such techniques.

Security Awareness

Physical security

News headlines may seem preoccupied with data breaches and high-tech security hacks, but low-tech ones that involve breaching a physical asset can be just as damaging. One such physical breach is known as “tailgating.” This is a simple low-tech technique to gain illegal entry into a building. 

In 2009, security consultant Colin Greenless demonstrated how easy it is to gain such unauthorized access to a building. In the experiment, Mr. Greenless was able to enter the building of an FTSE financial services firm without challenge and carry out reconnaissance and show the potential for data theft. 

Once inside the building, Greenless was able to work for several days in a meeting room, unchallenged. In that time, he was also able to move freely between office spaces and access various sensitive data, often left out on printers and (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/4ug7MfJVe2w/