Re: social engineering of museum security in Canada



*wipes a tear, sniffles*
That's beautiful.



And regarding the OP-- yeah, I think I saw that in Sneakers too come to think of it. ;)

Re: social engineering of museum security in Canada

I was talking with someone this past week about a social engineering they did as part of a penetration test.

They mined the Internet for employees with email addresses from the target company.
They sent an obvious phishing email to those employee's
They called those employee's on the phone telling them that they were from the company's IT Security group and asking if they had received a specific email, which obviously they did.
They then told those employee's that the email had planted malware on their computers and that that they would be sending them a second email with a link where they had to go in order to disinfect their computer.
They sent an email them these employee's, using a forged header, with a link to an IP Address that these employee's were to click on.
When these employee's went to the link they were asked for user ID's, passwords, etc.

They did not collect any information from the user's only the number of users that visited the site.

Re: social engineering of museum security in Canada

I'm not surprised to be honest. People are dumb when it comes to someone else's security. The guards probably aren't paid enough to be really suspicious of such things. They were probably thankful they were false alarms since they interrupted their poker game or something.

Re: social engineering of museum security in Canada

For cripe sakes, that's the opening act in "Sneakers".