IT Security Guru

Attacking from the outside

by The Gurus
March 16, 2015
in This Week's Gurus

Anyone who has had the pleasure of seeing social engineer and people hacker Jenny Radcliffe speak will know what I mean when I say that she can see beyond the conventional eye.
 
Sitting with her at a recent conference where she spoke in front of the charity security community, I wanted to get her thoughts on what the modern IT professional can do to better spot that attacker both inside and outside of the office.
 
We’ll get on to insider threats later, but first I wanted to understand the common characteristics of an attacker from outside the organisation. An unseen attacker is obviously hard to spot and profile, but Jenny said that some common traits of a scammer on the phone can be more straightforward to recognise.
 
“There are a few things that you might be suspicious of that could give away a less than genuine person, though it only potentially gives them away,” she said. “It is not a case of A equals B, but there are a few things I would tell people to look out for.”
 
On the phone, Jenny said, there are a number of common traits that might give away someone deliberately trying to get targeted information on your organisation. Firstly, she said, if a caller claims to be in a hurry, needs help, needs to talk to you and only you, and needs the information right now, that can be suspicious.
 
She said: “When you are genuinely in need of assistance, usually you take anyone’s help, but a social engineer will have specifically targeted that person, so may insist on talking to that person, and that person alone, looking for information that only they are likely to know.”
 
So, the person wanting specifically YOUR help right there and then is worth looking out for. The second point that Jenny made is that a social engineer is likely to get angry rather than apologetic. “A genuine person is likely to apologise and be quite self-effacing, while a social engineer might name the boss and make threats, dropping names to put the person under pressure. That is a big flag for me,” she said.
 
As we have detailed in the past, spear phishers will do their research into the target organisation and identify employees who may be easy to get to and might help them build the broader picture of a company. In the case of this type of attack, the social engineer may have identified their target and is looking to use that individual to gather any information about the organisation they can find, so that they can find a way to use it later.
 
“On a call, a social engineer will be curious, nosy, let you speak a lot,” she said. “If you realise that you have been on a call for 20 minutes and the other person hardly spoke and let you do all the talking, then that can also be a flag.” Jenny admitted that this is not a catch-all scenario, as some people are naturally curious, but if the person on the phone is persistent about your details, and those of your company, but reticent and evasive about details of their own, this is also suspicious.
 
“There will be a basic story that they are working with, however, behind those basics it is likely to be pretty patchy, thin, and lacking in detail. Lies of this nature often lack depth and don’t “fly” under closer or persistent questioning. There may be a lack of detail or emotion behind the story as it is a construct, rather than the truth.”
 
Jenny concluded by saying that these elements of an attack from the outside (being in a hurry, getting angry too quickly, curiosity about any details, and reticence about their own details) are common, but it can vary from case to case as it depends on the person.
 
She said: “If I talk about coffee preferences, you wouldn’t show much interest as you probably have no real reason to remember that information, no motivation to work with it. Trivial information may not interest a genuine person very much, but a social engineer wants that information and will work hard to find out all the details.”
 
With phone scams still a problem and members of the public often caught out all too easily, this advice could go a long way to ensuring your staff are better prepared in the face of the unseen enemy.
 
 
Tomorrow Jenny talks about the threat inside the organisation, and how to spot it.
 
 
Jenny Radcliffe was talking to Dan Raywood
