Slashdot Mirror


Social Engineering in the Workplace

An anonymous reader writes "Could a total stranger walk out of your business with thousands of dollars in merchandise without your knowing? Even worse, could they manipulate you into helping them each step along the way?"

5 of 316 comments

  1. Re:Human Limits of Security by dilweed · Score: 5, Informative

    Correction: He wasn't wearing a suit. He was wearing a black polo and khakis, aka the casual corporate uniform.

    It's been said that with a hard hat and a clipboard you can get into nearly any building. This is just another example of that taken a step further.

  2. Re:"social engineering" is the easy way. by 91degrees · Score: 3, Informative

    How hard can it be to get usernames/passwords this way?

    I read about early hackers in "Approaching Zero" (by Bryan Clough & Paul Mungo). It's been common practice amongst hackers since the 80's or before. I hope that since then companies have learned to train their staff to check people are who they say they are. However, lots of money has been lost by people being tricked by email into going to fake bank websites and entering their personal details. It's more or less the same thing.

  3. Re:Stupid by TinheadNed · Score: 5, Informative

    Well, because while the warehouse guys and shop flunkies can come and go on a weekly basis, nobody, NOBODY ever gets to play with the money. Two people are normally required to do the counting, and then it gets put in the safe.

    Also, while moving merchandise round is done everywhere in broadly the same way, the cash routines are normally more tightly fixed and less easy to predict. Also, the money has to be counted nice and carefully as the cashiers need to check they haven't screwed up during the day.

  4. Second Slashdotting--Drupal by Brian Puccio · Score: 4, Informative

    Actually, it's his second slashdotting, and his CMS, Drupal, has an anti-slashdotting mechanism built in--caching.

  5. Trust AND Fear by Titusdot Groan · Score: 4, Informative

    The best way to combat social engineering is to have policies in place AND allow people to enforce them. The second biggest hurdle is security people afraid of some uppity VP getting upset because you aren't giving him "special consideration".

    If the minimum wage plus a couple of bucks guard can prevent the blustering VP of Operations who forgot his security pass from entering the building WITHOUT repercussions AND the guard knows it, you have a chance of social engineering not working.

    There's a probably apocryphal story of one of the von Siemens being stopped from getting into one of their own buildings by some old German guard. The punch line is the old guy saying "Yes, I admit you LOOK a lot like von Siemens and you PROBABLY are von Siemens but without papers you are not getting into this building". von Siemens thought about it for a while, settled down and gave the old guy a big bonus. The story was passed around to everyone as how security should be done.