Social Engineering

Voice Phishing (Vishing) Attack on Hotel Guests

Here is a discussion of a recent voice phishing or vishing attack against hotel guests. It is really more of a social engineering attack, but thats ok. Apparently someone calls into hotels late at night, poses as a hotel employee, and tries to trick guests into disclosing personal information, including name, credit card info, etc.

It doesn't seem like a very effective attack - most guests would be furious that they were woken up.

http://www.katu.com/news/local/Phishing-scam-targets-hotel-guests-in-the-middle-of-the-night-174493231.html

Hacker Social Engineers His Way Into Walmart/Target

Defcon held a social engineering contest at the last Blackhat/Defcon conference. Participants had 20 minutes to show how they could call in and social engineer their way into a target. Here is an article about the contest and one contestant who social engineered their way into Walmart and Target stores.

http://money.cnn.com/2012/08/07/technology/walmart-hack-defcon/index.htm

The bottom line is that social engineering is live and well. Advances with data network security, as well as the abiity to gather intelligence on a target via the Internet (google, Facebook, on and on), spoofing caller ID (which they didn't even do in the contest), make social engineering a very efficient hacking technique.

Note that I added a list for social engineering.