Re: An alternative social engineering approach

I've read that one before. It is a very interesting approach.

The same reaction occured here in the office the other day. Someone found an "unknown" USB drive and immediately plugged it in to "see what was on it."

Re: An alternative social engineering approach

Wouldn't a decent "on-access" scanner pick up the trojan as they start looking through the files. Or is the credit union functioning with that little of protection? I guess I get really surprised at how weak some of these corporate defenses are. You would think a bank would be more secure in their technology not just the physical aspect of vaults and alarms.

Re: An alternative social engineering approach

Any AV product is only as good as what it knows to look for.

This doesn't really seem like it's the bank's fault inasmuch as it's a combination of a couple of things: the fact that most people don't understand that their actions in relation to a computer may pose a security hazard, and the underlying engineering of the OS permitting a lax security posture in regards to USB.

You could change the setting to just about any other industry and I'd be willing to bet that at least 85% of the time you'd get exactly the same result. This doesn't mean that the financial industry is more or less secure than any other, just that it happened to be used as the backdrop to all of this - and it was likely chosen specifically for mild shock value.