Wednesday, June 29, 2011

Social Engineering - New way of hacking

Social engineering is the new way of hacking and getting into systems. Here's my case.

Got a phone call today at 2:24 PM from an unknown caller. They asked for the person's name (whom the number is listed under). I continued to speak as if I were them as they explained that "your computer was generating errors" or messages or something or other "when browsing the internet and downloading...". Of course, being in this field, I know what they are saying is completely bogus, but I wanted to find out more about what they were doing and suggesting, and their intentions and goals (as I always do with phone calls to me).

I asked who they were, where they were calling from and what the problem was. They answered (something like) 'windows department' (I don't remember the exact answer), 'New York' and the problem is 'the errors' (or similar answer), in that order. I got somewhat fed up with the lack of information in the answers and said I am a system administrator and what they are saying is bullshit, so they said "it's not bullshit", and that was the last I heard from them as they hung up, unfortunately. I do regret cutting the conversation short and wish I could have gotten more information that would help in future mitigation of such attackers (training my staff accordingly) and ultimately to convict these criminals.

What I wish to have learned:
What exactly they wanted to do and how did they want to do it?
For example: did they want me to download something on my computer to help 'solve the problem' (probably a virus or other malicious type of software that would most likely log what I have, potentially email usernames/passwords and bank account numbers and passwords, spreading itself to other computers that mine would be in contact with)? Or did they want to sell me something (which would be like a scam or fraud)? Or maybe their intention is to have my computer infected from the conversation by, let's say, downloading something, and then they would offer whatever they sell to fix it.

Whether they are scamming to get into the computer and have control over it or they just want to make a quick buck is still unclear, but from the clues I do have, they most likely want access directly into my computer, since they did identify as a windows department of sorts.

Many questions are still unanswered, and I am still working on making a recording system, because I feel recording phone conversations is important these days, both to protect myself and also everyone else, as I could report them to authorities to help stop such criminal defrauders.

As always, give me your opinions, comments and thoughts, if you have encountered such security threats or have ideas as to how to record conversations automatically when answering my phone.

