Reply to Message

Social Networking just makes Social Engineering Easier

GDoC 26th Jan 2010

In most of the environments I've worked in in the last 30 years, it isn't the network, the servers, the services or anything else that has lead to more intrusions and data compromise than undereducated or uncaring USERS!
From the time back in the 1980s when a coworker (fellow nerd) landed a beautiful girl friend, who just so happened to be East German, to being a contractor and sitting at a users desk and asking questions about all the 20 pictures of thier favorite dog, to the simple phone call where you say, "Hello, this is Bob from the IT department, we seem to be having some issues ensuring you have access to all of your resources......we need you to log in and tell us exactly what you're typing so we can track the process...."

All of these have and will continue to work.

Most folks know not to open attachments from people you don't know, but when the hacker mines the social networks it becomes even more difficult for a user to tell friend from foe.

A word of caution to all you networkers out there:
DON'T network using your corporate accounts and don't check your personal mail at work.

A word of caution to the companies out there:
DON'T PERMIT external mail checks from internal systems. This includes webmail.

There are necessary variences to these rules, but even then you can mitigate them by not opening any unexpected attachments from any of your networked "friends" until you've asked them if they in fact actually sent them.

For some of my more critical clientelle where I've had to bend the rules, I've requested that they change a key phrase in the body of the message only when they are certifying an attachment; such as:
Change "Best regards," to "Best regards, and wishes," to signal a valid inclusion.