Social engineering is the art of obtaining information from people who don’t want to give it. Journalists, law enforcement officers, and lawyers learn these skills as a trade. They learn techniquesto intimidate or sympathize with a person so that the person “reveals her hand.” Attackers use similar techniques to gather sensitive information from unsuspecting victims.
Call centers are a targetfor social engineering because they offer a great way to directly interact with employees from a given company. The company call center provides an attacker with a large population of targets. If thesetargets become hostile or become aware of the attacker, the attacker just needs to hang up and try again.
Attackers often seek targets who are new to the organization, are easily intimidated, ordon’t like dealing with confrontation. Call centers allow the attacker to leave a small footprint, meaning there is little chance the organization will even know that it is being attacked.
A sampleconversation between an attacker posing as a consumer and a call center employee may go something like this:
Employee: Thank you for calling Large Organization. Can I get your account number?
Caller:Yeah, sure. I think it is 55560-5-2219, but I could be wrong. I haven’t called in before.
Employee: That’s all right; give me a few minutes while I look up that account’s information.
Caller: Noproblem. How is your day going? (Jovial tone)
Employee: I can’t complain. It’s just been a little hectic around here with the merger and all.
Chapter 1: Intelligence Gathering: Peering Through theWindows to Your Organization Download at WoWeBook.Com
Caller: I read about that. It’s with Company X, right?
Employee: Yeah, a lot of us aren’t sure if there will be positions for us once the merger iscomplete.
Caller: Sorry to hear that.
Employee: I can’t find any information for the account number you gave me. Are you sure that is your account number?
Caller (ruffle of papers): I will...
Leer documento completo
Regístrate para leer el documento completo.