Example 4: The Odds are in Everybody’s Favor
True Story: Some time ago, the IT Help Desk at an organization received a frantic call from a “senior executive” claiming they needed help remembering the username for their email. The IT Help Desk walked through the security challenge questions. The caller paused and answered hesitantly, but got the answer correct, and was provided with the username. A couple of days later, the IT Help Desk received another call from the same “senior executive”. The caller needed help installing a VPN client, and they provided the IT Help Desk with their name, title, and username. Since the caller provided the username, the IT Help Desk skipped the security questions and went straight to helping the caller install the VPN client. At the end, the caller said they “forgot” their password. Unfortunately, the IT Help Desk was eager to help, so they reset the password for the caller, granting them full access to the senior executive’s email account. Read the full story here.
Moral of the Story:
- This is a great reminder that anybody can fall victim to a social engineering attack, so it’s important to have security awareness training for all of your employees, whether they are technical or not. Everyone is a target because of their connection with your workplace, and it’s important to regularly remind all employees that they must personally uphold security best practices every day.
- This is another scenario where MFA could have made a big difference in preventing the attacker from gaining access to the senior executive’s email account.