Are You Too Trusting?
In the United States we are pretty trusting. We strike up conversations with people standing in line. We talk about our football teams; we talk about where we grew up and maybe find an acquaintance in the process. We pride ourselves on being open and friendly. We want to help and feel bad when we cannot help someone else. These are notable accomplishments as a country and a people, and things we should hold with pride. Unfortunately, the unscrupulous among us do not feel the same way.
I have seen, as an IT professional, how people lose their ability to keep secrets, and as a result, lose more than their passwords. For instance, let’s say that I want to get the password that “Sue” is using to get to her bank account.
My first piece of information about “Sue” is “Sue’s” friends. How would I find that out? Look at her social network, where people also list their work phone number and maybe even their home phone number. I would then call Sue at work and explain that I know one of her friends and that I work at Sue’s place as a member of the IT department. I slowly gain her trust to the point where I can either guess her password, or she may give it to me as part of our conversation. How would I do that?
Bad Guy: “Good morning Sue, I am George in IT. I noticed that you may have a virus and wanted to check your main screen for any problems. I talked with Karen down here who knows you and she said that you had those problems before.”
Sue: “I don’t believe I know you George. How long have you worked at this location?”
Bad Guy: “Only a few weeks. Sam from HR hired me and he was pretty quick about it. I used to work at Company ‘X’ but left there because I wanted someplace more friendly to work. This is certainly the place.”
Sue: “Well I am glad you like it.”
Bad Guy: “Karen says that you are a big ‘Slugs’ fan. I am a personal fan of the ‘Salt’ team myself.”
Sue: “They are our biggest rivals!”
Bad Guy: “Sorry about that, but we must go where our hearts take us.”
Sue: “Well, I guess I can forgive that as long as you work here. Now, what was it that you wanted?...”
And it goes on from there. The Bad Guy may not be able to get the password on the first shot, but he or she will continue with future phone calls at random times and days until they get what they want. What happens when they do get your password is pure chaos.