The companies selected were: Google, Wal-Mart, Symantec, Cisco, Microsoft, Pepsi, Ford and Coca-Cola
Of these, 135 employees were selected, then acting almost as Copp in Origin, they dedicated themselves to trying to extract information about the company in question. The objective was to obtain seemingly 'innocuous' data such as the operating system, the antivirus brand or – and this is really great – to try to get the target of the call to visit an external website prepared for the contest. The surprising thing was that they got many employees to visit her.
It is not difficult to imagine two things: Knowing the operating system / browser model and antivirus, it is extremely easy to make a quick sieve when designing an attack. And two: if you can convince someone to connect to a URL under your control, setting up a website with an 'infection kit' can be devastating and if we combine one and two, lethal
Of all the employees only 5 (all women) refused to reveal any information and hung up the call when they saw that there was something strange. Three of them have positions of responsibility in their respective companies
Many times organizations have their eyes on Firewalls, IPSs, secure authentication systems and ignore a key point when considering their security strategy: awareness at all levels
Author: Yago Jesús
Source: Security by Default
Authors: Computer Security News
