Mark Amory | 12 June 2012
The other week I was making my regular return journey from London back to Leeds and was in the half-asleep state post training course when I was jolted awake by the most annoying of alarms – Someone else’s mobile ring-tone...
The chap three-seats back answered the call and it was quickly obvious from his comments that it was a return call from a car insurance company.
Over the next five minutes, he proceeded to tell all his fellow passengers his car registration number, his home address, phone number and to top it all - his credit card details, as he set up his annual payment for his 09 plate Vauxhall Omega.
I was completely dumb-struck that this person, oblivious to his surroundings, proceeded to freely give out such sensitive details in public place.
Social Engineering is an art many people can pick up quickly, but to master takes a long time, however with people like Mr Omega knocking about, then the job becomes all the more easier.
Our IT security systems are exceptionally good at the jobs they do nowadays, so in many cases those that wish to gain access have to get the users (you and I) to bypass them in some way or another.
Many of the social engineering tricks carried out across the Internet are done remotely, so be mindful of the risks which could be present in unsolicited emails, links to unknown websites - especially those in the form of a shortened URL, attachments in emails, requests to download updates to Java, or Flash, or Acrobat and spoof URLs that look like the legitimate sites they are copying.
If you would like to know more about security - from an I.T. or Human perspective, QA offer a wide range of Security related courses.