Tales From HelpDesk
Floz wrote 06/04/2015 at 23:48 • 1 pointHelpdesk: "Hi, you've reached HelpDesk, what seems to be the problem?"
User: "I can't connect, nothing loads."
Helpdesk: "Ok, first of all, let's gather some information, what platform and browser are you using?"
User: "Windows 8 and IE 11"
Helpdesk: "Ok good, and when you load the portal, what is displayed?"
User: "Unable to connect to server."
Helpdesk: "Let's check your network conn..."
User: "Hold on, I have Jeff on the other line with IT."
(Jeff doesn't work in my department, or any departments we work with.)
Helpdesk: "Jeff?"
User: "Yeah, Jeff... he said something about antivirus."
Helpdesk: "Has he instructed you to download anything?"
User: "Yeah, it's scanning now."
Helpdesk: "Do me a favor, hun... Ask Jeff who our Department Head is, please?"
User: "He hung up."
Helpdesk: "Ok, now please power your computer down, disconnect it from the network, and let's discuss what just happened..."
This user had to perform an OEM wipe on their device. Credentials and names have been changed to protect the innocent. Scammers are innocent until I catch them and share my logs with the authorities. Moral of the story, social engineering is alive and well, ladies and gentlemen.
Discussions
Become a Hackaday.io Member
Create an account to leave a comment. Already have an account? Log In.
When I was ISO for a good-size organization, (before the hair fell out and the nice men in the white coats came and put me in this funny jacket) I had a poster showing the cartoon character Pogo and his famous slogan, "We have met the enemy and he is us." Downloading crap with malware, going to unsavory sites, trying to put wireless routers on our network when they were strictly forbidden (we dealt with sensitive LE info), the fun would never end. The head of IT when I came on board felt that giving the users greater responsibility/privileges would make for easier remote administration and would produce more technically proficient users - which I wholeheartedly disagreed with. 3 near-disasters and 4 months later we were doing it my way - the "Mordac, Denier of Computer Services" way. PS - I was not committed to a mental health facility, Actually I retired - 37 years in IT was enough. From punch cards to smartphones. You folk still in the ITSec trenches have my admiration and sympathy.
Are you sure? yes | no
Interesting and important. But please do us all a favor: "social Engineering" itself is a (neutral) skill, which is NOT harmfull or bad itself, so don't use it as if it is used soley by criminals or only with bad intentions. I sadly see the same thing happening here like it was done to by mainstream media withe the term "hacker". Hacker beeing a discription for computer skilled person, which was "crimelised" by the media, because they are to lazy/dump to make a difference between hacker and cracker.
Are you sure? yes | no
You make a VERY good point.
Tools are neither good nor bad, it's what a person uses those tools for. By comparison, I can feed my family with a hunting rifle. However, another person can cause a great deal of harm to others with the same hunting rifle. In neither situation is the rifle to blame for the outcome.
Are you sure? yes | no
Being a network engineer, I've always found layer 8 the most difficult to secure... It really is true what they say when it comes to spear phishing: No matter how well your users are trained, the attacker only needs to be lucky once. ;P
Are you sure? yes | no