RE: Steps to avoid Social Engineering

["Aruna" <arunah () slt lk>]

Try to get verbal emails confirmed.

It looks fundamental , but works.

aruna

-----Original Message-----
From: Tabs The Cat [mailto:tabsthecat () gmail com] 
Sent: Tuesday, April 19, 2005 12:39 AM
To: security-basics () securityfocus com
Subject: Steps to avoid Social Engineering

Hello y'all,

     I have a question for you guys (and gals). We all know about social
engineering. Some of us use it on a daily basis. And we all know how
it can be even more dangerous than any computerized attacks, but how
can we protect against it?

     I'll give you an example: we have a database based program that
was written by and maintained by a third party that is in another
city. In the past when they needed access for maintenance, we would
provide them it via VPN. Recently there has been a problem so they
were contacted. Earlier today someone from that company phoned me to
discuss details about the VPN. I haven't given them any information
yet. In this case I am fairly positive it is legit since they knew the
company that we use as well as who lodged the complaint.

     But how could I get this person (or any one in the future) prove
to me that they are the people who are they say they are? Any advice?

Tabs