Danger: Dopamine Addiction

People like to be appreciated and know they are good at what they do. This goes for social engineering pentesters, too. We are contracted to think like the bad guys but are actually the good guys. This means we don’t post the details of a cool hack we found to get through a specific organization’s security over social media. Embarrassing a client is never good business! Despite the fact that SEs…

Winning the SECTF – DEF CON 22

As written by Stephanie Carruthers. The Social Engineering Capture The Flag (SECTF) is a competition that is held at DEF CON. The competition is comprised of two parts, an information gathering phase and a live call phase. A target company is randomly assigned and the information gathering stage begins with research of the company (by only using open-source intelligence and no physical contact)…

Phishing

"In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication"  . Protection from Fraudlent Messages We typically associate phishing emails  with poor grammar and misspellings. However, this is not the…

Customer Service

Customer service and help desk personnel are among an organization’s most vulnerable staff members. This is because their job is to provide “help” in a friendly and polite manner. As a result, attackers often exploit this to learn sensitive information. Customer Service — Phone: Attackers usually obtain phone numbers from an organization’s website, in addition to any specific routing emails used…

Scam Artists

Scam artists engage in fraudulent or deceptive actions to defraud others. A common method scam artists use is Mass-Marketing Fraud. Mass-Marketing Fraud: Mass-marketing fraud (MMF) refers to any fraud scheme that uses mass communication. This includes communication by the Internet, telephone, mail, or in-person. Mass-marketing fraud includes schemes such as Romance Scams, Advanced Fee Fraud…

Information Brokers

The Federal Trade Commission (FTC) defines data brokers as “companies that collect information, including personal information about consumers, from a wide variety of sources for the purpose of reselling such information to their customers for various purposes, including verifying an individual’s identity, differentiating records, marketing products, and preventing financial fraud.” Protecting…

Disgruntled Employees

There are many factors that contribute to disgruntled employees in the workplace. However, the process typically begins with an employee feeling overworked, underpaid, unappreciated, or passed up for a promotion. In fact, a job satisfaction survey conducted by The Conference Board Consumer Confidence Survey® highlights the five components that US workers are least satisfied with. To enumerate,…

Identity Thieves

Sometimes people use the phrases identity theft and identity fraud interchangeably. However, the two phrases refer to different processes. Identity theft is when identity thieves steal Personally Identifiable Information (PII). PII includes such things as your name, address, Social Security number and email address. Identity fraud, by contrast, is the unauthorized use of stolen PII to…