Security Basics mailing list archives
RE: Steps to avoid Social Engineering
From: "Patoff Pat-EtHiQ" <patoff22 () hotmail com>
Date: Tue, 19 Apr 2005 16:32:45 +0000
A good and easy way, if the third party company has a wesite or a specific phone call at there office. If you know that phone you can recall the person at this number and ask for him, if we reject the case he hijack the phone...
With internet the third party may have a specific domain that you can wrote to him and they will reply to you to assert it's really him...
To avoid S-E when you don't see a person it's often base on a 'physical way' to prove the identity..
Hope it helps Pat ------------------- Hello y'all, I have a question for you guys (and gals). We all know about social engineering. Some of us use it on a daily basis. And we all know how it can be even more dangerous than any computerized attacks, but how can we protect against it? I'll give you an example: we have a database based program that was written by and maintained by a third party that is in another city. In the past when they needed access for maintenance, we would provide them it via VPN. Recently there has been a problem so they were contacted. Earlier today someone from that company phoned me to discuss details about the VPN. I haven't given them any information yet. In this case I am fairly positive it is legit since they knew the company that we use as well as who lodged the complaint. But how could I get this person (or any one in the future) prove to me that they are the people who are they say they are? Any advice? Tabs
Current thread:
- Steps to avoid Social Engineering Tabs The Cat (Apr 18)
- Re: Steps to avoid Social Engineering Cd Pirate (Apr 19)
- Re: Steps to avoid Social Engineering Micheal Espinola Jr (Apr 20)
- Re: Steps to avoid Social Engineering Dave Peters (Apr 21)
- RE: Steps to avoid Social Engineering J B (Apr 19)
- Re: Steps to avoid Social Engineering T. Shannon Gilvary (Apr 19)
- Re: Steps to avoid Social Engineering David Roman Esteban (Apr 19)
- RE: Steps to avoid Social Engineering David (Apr 19)
- Re: Steps to avoid Social Engineering Times Enemy (Apr 20)
- RE: Steps to avoid Social Engineering Aruna (Apr 19)
- RE: Steps to avoid Social Engineering Patoff Pat-EtHiQ (Apr 19)
- RE: Steps to avoid Social Engineering Yashodhan Deshpande (Apr 20)
- RE: Steps to avoid Social Engineering Matt Cunnane (Apr 19)
- Re: Steps to avoid Social Engineering Raoul Armfield (Apr 20)
- Re: Steps to avoid Social Engineering Alvaro Prieto (Apr 20)
- <Possible follow-ups>
- RE: Steps to avoid Social Engineering Reece, Terry (Apr 19)
- RE: Steps to avoid Social Engineering P. Rodriguez (Apr 19)
- Re: Steps to avoid Social Engineering John Pettitt (Apr 20)
- Re: Steps to avoid Social Engineering rusty chiles (Apr 20)
- RE: Steps to avoid Social Engineering Sanders, Jonathan (Apr 20)
- RE: Steps to avoid Social Engineering P. Rodriguez (Apr 20)
(Thread continues...)
- Re: Steps to avoid Social Engineering Cd Pirate (Apr 19)