Social Engineering always wins

Author: Martin Voelk
April 19, 2015

As IT systems become more and more hardened, many script kiddies turn to easier alternative methods – mainly Social Engineering. Social Engineering exploits the weaknesses of the human layer by getting someone to reveal a password over the phone, click on a “free voucher PDF” to win something or simply hold the doors open for someone they don’t even know. The possibilities are endless and unfortunately the success rates are 95% – 100%. Kevin Mitnick himself says: There is no cure for stupidity.

We try to educate our customers and employees as best as we can, but in every Penetration Testing engagement we are asked to do by our clients, we have at least 1 success due to social engineering techniques. Whenever people think they can win a $20 voucher or get anything free, they will almost always click a malicious PDF that has just arrived in their Inbox, no matter how spammy it may look. People will almost always plug a USB stick in when they receive a free USB from a nice stranger. People will almost always believe that the IT Support is really on the other end of the phone line. The list goes on and on.

Here is an interesting article from the world-famous Kevin Mitnick:



