Top 9 Tips to Avoid Being Socially Engineered at Black Hat/DEFCON

July 25, 2013

It’s that time of year again; Black Hat and DEF CON are right around the corner.  As we all gear up to head to the desert, here are a few tips to keep you safe from social engineering attempts.

1. Be careful how you dispose of sensitive documents in your hotel room, or retain them for secure disposal later (dumpster diving is a huge risk, and demonstrations at previous DEF CON shows have also shown how easy it is to bypass electronic and chain door locks).

2. Be mindful of disclosing personal details while in conversations with strangers (including hotel staff), especially at social events. Many elements of seemingly innocuous conversation can actually provide skilled attackers with valuable information. This tactic is known as elicitation.

3. Keep in mind that hotel safes are not as safe as you may think (past demonstrations have illustrated easy ways to unlock these safes).

4. Never give out sensitive information over the phone, especially if you received, rather than placed, the call. Use known, public contact telephone numbers for your bank, credit card, and other sensitive accounts and dial them directly to avoid voice phishing (or vishing) attacks.

5. Let people in your personal and professional circles know where you will be and the conditions under which you would be contacting them. Some have even devised a simple verification system to confirm the authenticity of communications. This may seem extreme, but pretexting and impersonation of individuals who are known to be traveling is a common social engineering methodology.

6. If you have to be online, never respond to emails/texts from unknown sources to avoid traditional phishing and SMS phishing (smishing).

7. Be mindful of personal space if you need to access an ATM or use a public computer. Sometimes the simplest tactics work to gain information, and that includes what we call shoulder surfing, or peering over someone’s shoulder to observe PIN entry or login credentials. Sometimes ATMs themselves can be compromised, so we suggest using ATMs out of the area of the conventions.

8. Secure access to your social media accounts as much as possible prior to the event. We all use social media readily through events like this to find the next cool briefing, exchange commentary, and organize times and places to physically connect. However, you cannot take it for granted that the person you follow and converse with normally is not being impersonated at a show like this. So, always use the HTTPS option for connecting to these services, use two-factor authentication measures to verify any changes, and watch what you click on in social media!

9. Use your critical thinking skills at all times. You must be aware that people try to hack others just for kicks at the cons. You don’t want to end up on the Wall of Sheep!

Stay safe and see you in Vegas.
