Quote:
Originally Posted by raymor
Spear phishing is a good example of social engineering, which generally means fooling humans. The most commonly used example is probably calling and pretending to be part of the same company, saying "this is Fred from the Omaha office". Typically the caller has an urgent problem that is a big deal for the boss. Perhaps the boss is about to give a big presentation and his laptop with the presentation on it just died, so he needs remote access to his desktop NOW.
Another example would be if I called your web hosting company pretending to be you. I would call at 2AM, when their boss isn't there, just the new guy working the shit shift. I'd claim (or cause) a server down and ask for a KVM to be put on it immediately. That KVM would let me boot into special rescue modes where passwords aren't required.
But yeah, phishing would be the most simplistic form of social engineering, social engineering for morons.
|
That is precisely why some things will just not be done by phone. And if what Bareback posted is true, wow.
Quote:
Originally Posted by directfiesta
password changed ... everything looked normal.
|
Safety first. Wonder how the person was able to answer the security questions properly; must know him.