Security Basics mailing list archives
Re: Steps to avoid Social Engineering
From: John Blackley <jblackley () sysmatrix net>
Date: 20 Apr 2005 01:51:13 -0000
In-Reply-To: <8a9a90f405041811393557cacb () mail gmail com> I sympathise with your problem and the first piece of advice I have for you is this: You may be able to reduce the risk and you may not be able to entirely eliminate it. However, beware of the risk of making your controls so convoluted that you disappear up your own environment. Some thoughts on controls: A single point of contact at the third-party company begins to reduce the risk of impersonation - only receive calls from an authorised person at the third-party (allowing a backup, of course, for when he/she isn't available to make the call). When someone calls from the third-party, call them back at the third-party's switchboard and ask to be connected to them. If you have a written contract with the third-party and that contract has some kind of identifier on it (contract or PO number), ask for that. You can go on from here yourself, I'm sure. The key here is simple, easily-established rules that give you some assurance that you are talking to the person you think you're talking to. Good Luck John A Blackley
Current thread:
- Re: Steps to avoid Social Engineering, (continued)
- Re: Steps to avoid Social Engineering Raoul Armfield (Apr 20)
- Re: Steps to avoid Social Engineering Alvaro Prieto (Apr 20)
- RE: Steps to avoid Social Engineering Reece, Terry (Apr 19)
- RE: Steps to avoid Social Engineering P. Rodriguez (Apr 19)
- Re: Steps to avoid Social Engineering John Pettitt (Apr 20)
- Re: Steps to avoid Social Engineering rusty chiles (Apr 20)
- RE: Steps to avoid Social Engineering Sanders, Jonathan (Apr 20)
- RE: Steps to avoid Social Engineering P. Rodriguez (Apr 20)
- Re: Steps to avoid Social Engineering John Pettitt (Apr 20)
- RE: Steps to avoid Social Engineering P. Rodriguez (Apr 20)
- RE: Steps to avoid Social Engineering Patoff Pat-EtHiQ (Apr 20)
- Re: Steps to avoid Social Engineering John Blackley (Apr 20)
- RE: Steps to avoid Social Engineering Sanders, Jonathan (Apr 20)
- RE: Steps to avoid Social Engineering David (Apr 21)