At Social-Engineer, we define impersonation as the “practice of pretexting as another person with the goal of obtaining information or access to a person, company, or computer system.” Impersonation is a social engineering tactic that continues to threaten enterprises. The most challenging element of this attack is looking credible and having the correct credentials and papers in order. Bad actors may request entry by posing as a delivery person, or a known vendor pretending to deliver supplies, packages, or food. They may also attempt to infiltrate by using the ‘hold the door’ approach. In this scenario, they pretend to be a fellow coworker who has forgotten their ID card/badge. They then ask someone who is entering the premises to hold the door for them.
Scam artists pose as Arkansas Department of Health officials claiming to conduct restaurant inspections. During the inspection, they demand immediate payment for alleged food safety violations. Arkansas Attorney General Rutledge says the “scam artists are exploiting the stress and burden faced by Arkansas businesses, as the owners focus on tightening their budgets to manage the skyrocketing inflation, supply issues and staffing shortages.”
Authorities say that a woman entered the Riverside University Health System Medical Center posing as a newly hired nurse and was able to gain access to the maternity ward. The woman entered a patient’s room, identified herself as a nurse, and attempted to take the patient’s newborn infant.
These examples illustrate that with careful planning and “looking the part” bad actors can gain physical access to enterprises. Having policies to deal with unknown personnel identification and access is vital to protecting your organization. It is equally important to test employee awareness and adherence to these policies.
The Social-Engineer Security Assessment Services will help your enterprise identify employee vulnerability to impersonation attacks. We deploy professionally trained Social Engineer Team agents for on-site impersonation day or night. We conduct point-in-time testing of vendor/visitor access policies and the physical perimeter. This full-scope program is multi-layered and may include badge cloning, credential harvesting, and network control. Please contact our team of experts and schedule a consultation.
*** This is a Security Bloggers Network syndicated blog from Social-Engineer, LLC authored by Social-Engineer. Read the original post at: https://www.social-engineer.com/impersonation-scams-social-engineering-news/
Authors/Presenters: *Cheng-Long Wang, Mengdi Huai, Di Wang* Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content,…
Security testing allows you to evaluate the robustness of applications and systems and identify potential weaknesses that attackers may exploit.…
Did you know that the total number of data breaches more than tripled between 2013 and 2022? These breaches exposed…
PHP Extended Lifecycle Support (ELS) allows you to continue using older versions of PHP while still receiving security updates for…
In light of cookie stealing attacks and to ensure Chrome browser protection, Google has recently piloted its new Chrome DBSC.…
Our digital world is based on connectivity, but with that comes great responsibility. Businesses manage vast amounts of client information.…