Social engineering has been big in the news yet again this year. In September, security researchers discovered an attack against Germany’s chipTAN banking system, in which bank customers were tricked into approving fraudulent transfers from their own accounts.
In August, tech journalist Mat Honan had his digital life erased, as hackers social engineered Apple and Amazon call centres.
In May it was reported that Czech thieves stole a 10-tonne bridge. When challenged by police during a routine check, they showed forged documents saying they were working on a new bicycle path.
In January, a fraudster obtained Microsoft co-founder Paul Allen’s credit card details by social engineering workers in Citibank call centres.
In December, Wells Fargo were tricked into wiring $2.1 million to a bogus bank account in Hong Kong following a series of fraudulent faxes. The bank described itself as the victim of a “sophisticated fraud”. The list goes on.
What’s next? Who will be the next social engineering headline? What are you doing to protect your organisation against social engineering attacks? Not picking up the phone is not an option. You have to interact with the outside world, and there are no firewalls for human conversation yet.
So this is where the trainings at DeepSec 2012 come into play. There will be a workshop called “Social Engineering Testing for IT Security Professionals”, conducted by Sharon Conheady and Martin Law. Both are experts, and they will show you what can go wrong with your security architecture and what you can do to avoid it. They will also cover testing methodologies since more and more organisations are conducting social engineering tests to identify security weaknesses and improve security awareness. Such tests may appear to be easy, but when you get down to it, they can be surprisingly difficult to perform. This workshop will teach participants how to perform a social engineering test using proven techniques and a repeatable methodology.
Participants take this training workshop either because they want to learn how to conduct an ethical social engineering test, or because they want to learn how social engineers work and how better to defend against social engineering attacks.