Hey Steve! I'm calling your name so that you know this is about you - I gave you my card at the bookstore.
For everyone else, here's how it went...
I'm sitting at the cafe in the bookstore, minding my own business, when I hear a gentleman behind me start speaking on the phone. Nothing odd there; everyone does it - it's not like it's a library, right?
Then the call gets interesting. Steve began speaking about a donation. Being someone that considers Social Engineering (see a pro here, more here, and here) one of the most, if not the most, under treated security risk, I naturally began to listen more closely. And yes, he began to read off his credit card number (it was a Visa), along with his address, and year of birth.
Ah the damage that can be done with that. So Steve I gave you my card with little hope that you'll read this and appreciate the free advice of a security consultant.
This, of course, isn't really social engineering but instead a form of "shoulder surfing" which can also be an excellent way of getting passwords, PINs, and other access data.
Look folks. If you going to have that sort of conversation, take it outside so that you're not sharing the data with a handful of people that are reading - or in other words, focusing on remembering information. This sort of thing hurts to witness when so many people want advice on firewalls, alarm systems, shredders, and so on.
This is an example of poor OPSEC and I'm not saying we need to develop detailed OPSEC policies for our daily life, but hey at least keep your personal information and access to any financial resources "close to the chest," please.
No comments:
Post a Comment