Social-Engineer Blog - Page 2 of 8 - Social-Engineer.Com - Professional Social Engineering Training and Services

by Social-Engineer • October 10, 2018 Leave a Comment

Information Risks of Travel

So, you’re on the road for work again, are you? Or, you’re heading out soon? Regardless of when, if you travel for work you should know about the information risks of travel and how it increases the risk of identity theft and, therefore, future social engineering attempts. How does travel affect identity theft? When you pack up to go on a trip, work or personal, you take at least two items that contain sensitive, personally identifiably information: your license, and your ticket or a device that contains your ticket. A malicious actor’s desire to duplicate this information means travel increases the […] Continue Reading >

by Social-Engineer • September 12, 2018 Leave a Comment

What is Critical Thinking?

In the field of security awareness and associated training, the term “critical thinking” is thrown about as an effective defense against social engineering attacks. So, what is critical thinking? And how can it be applied in day-to-day activities to make a user or an entire user–base more secure? According to the Foundation for Critical Thinking, a “well cultivated critical thinker” gathers and assesses relevant information and comes to well-reasoned conclusions and solutions. One also thinks open-mindedly within alternative systems of thought, while recognizing and assessing their assumptions, implications, and practical consequences. Let’s break that down a bit. “Gathers and assesses […] Continue Reading >

by Social-Engineer • September 7, 2018 Leave a Comment

Protecting Trade Secrets from Physical Intruders

Companies that hold trade secrets, intellectual property, or proprietary research are under attack. The attack is multifaceted and includes both cyber and physical intrusion. As mentioned in the March 2018 Social-Engineer.org Newsletter, cyberespionage has “changed from isolated and individualized attacks to attacks run by distinct groups resembling traditional Mafia organizations.” Additionally, protecting trade secrets from physical intruders must be a priority. Companies are at risk from social engineering attacks that include physical intrusion. Tailgating is one of the most common methods used by intruders to gain unauthorized entry. An intruder may also pose as a contractor, business contact, delivery person, […] Continue Reading >

by Social-Engineer • August 7, 2018 Leave a Comment

It Is Important To Have Ethics In Social Engineering

Over the years of being a professional social engineer (SE), I have been asked questions like, “Are you really testing your clients if you don’t use EVERY method possible?” Or, “You are acting like the bad guys, why do you need to have rules?” And even, “I don’t need to leave them feeling better if I am trying to breach, do I?” It is time to discuss these questions, why ethics in social engineering is so important, and crafting a social engineering code of ethics. How can you maintain a code of ethics and promote professionalism? How can you avoid […] Continue Reading >

by Social-Engineer • July 13, 2018 Leave a Comment

Free Yourself from FUD

Fear, uncertainty, and doubt (FUD) hold powerful influence over humans. Fear itself is a deeply powerful emotion that causes specific reactions in the brain, and uncertainty and doubt are feelings that manipulate your actions, your employees’ actions, and your business operations. Examples of FUD have a long-standing history in the information technology and information security industries. In the 1970s, IBM utilized FUD tactics to make buyers question trying new products by casting a shadow of fear over the idea of unknown products compared to IBM’s safe, known offerings. In the 1980s, IBM was given a taste of its own medicine […] Continue Reading >

by Social-Engineer • July 3, 2018 Leave a Comment

What Do You Know About Tweedle Beetles?

For that past few years, thanks to having an amazing little addition to my family, I have been reading a lot of Dr. Seuss books, and one of my favorites is “Fox in Socks” If you haven’t read it to your kids, you should. Well…you can try. If you don’t have kids it is an entertaining read anyway. It puts your tongue to the test when read out loud. The last story in the book talks about “tweedle beetles” and for some reason it, got me thinking about phishing. Phishing these days comes in many forms and names, just like […] Continue Reading >

by Social-Engineer • June 14, 2018 Leave a Comment

Healthcare: Security in Crisis?

The other day my wife went to the doctor, and a few weeks before that we took our son to the dentist. We had to fill out all the paperwork and give them all the usual PII, including name, address, phone number, alternate contacts, SS#, DOB, driver’s license, insurance info, weight, height, underwear size (just kidding), then we paid them with our credit card. All the while trusting that they are keeping our information safe and secure. Well, they are keeping the information we entrust them with secure, right? How do we know if they are? Let’s look at […] Continue Reading >

by Social-Engineer • May 14, 2018 Leave a Comment

Vendors, Educating, and Social Media Marketing

What do professionals inadvertently disclose about the operations security (OPSEC) of their organizations and themselves while giving advice? Becoming a known educator and voice in your area of expertise is effectively done by drawing connections between yourself, your knowledge base, and your audience. Often in Information Security (InfoSec), this involves sharing an anecdote or short story that others can relate to and emphasizing the security benefits or areas of improvement that are seen in the story. However, even the most savvy security professionals should be wary of what information they provide that could be used by an attacker. Where is […] Continue Reading >

by Social-Engineer • April 12, 2018 Leave a Comment

A Nonverbal Analysis of Mark Zuckerberg’s Congress Testimony

Most of us are familiar with the fact that Mark Zuckerberg, CEO of Facebook, is testifying in front of Congress this week regarding Facebook’s mishandling of user data. This hearing is being watched around the globe by corporations, governments, and users alike. Like many of you, I am watching much of the hearing to see what is being said. But I also am watching much of it to see what is NOT being said, by doing a nonverbal analysis. This nonverbal analysis will cover microexpressions and body language tells that may reveal what Mr. Zuckerberg is thinking. A microexpression is […] Continue Reading >

by Social-Engineer • April 9, 2018 Leave a Comment

Your Phone’s Betrayal

Look at your phone and ask yourself, do you rely on that tiny device for your business dealings? Your important family notifications? Your link to the outside world? If the answer to any of these is “yes” then it is critical you be aware of the rise in phone porting scams, and how they can affect you and your business. According to the New York Times, there were 1,038 documented cases of phone porting incidents in 2013, and that number jumped to 2,658 in 2016. In February of this year, there was a resurgence in this type of attack, largely […] Continue Reading >

Now Available from Hadnagy & Fincher

Looking for something?

Receive Social-Engineer Updates

Helpful Links