Social Engineering

Voice Phishing (Vishing) Attack on Hotel Guests

Here is a discussion of a recent voice phishing or vishing attack against hotel guests. It is really more of a social engineering attack, but thats ok. Apparently someone calls into hotels late at night, poses as a hotel employee, and tries to trick guests into disclosing personal information, including name, credit card info, etc.

It doesn't seem like a very effective attack - most guests would be furious that they were woken up.

Hacker Social Engineers His Way Into Walmart/Target

Defcon held a social engineering contest at the last Blackhat/Defcon conference. Participants had 20 minutes to show how they could call in and social engineer their way into a target. Here is an article about the contest and one contestant who social engineered their way into Walmart and Target stores.

The bottom line is that social engineering is live and well. Advances with data network security, as well as the abiity to gather intelligence on a target via the Internet (google, Facebook, on and on), spoofing caller ID (which they didn't even do in the contest), make social engineering a very efficient hacking technique.

Note that I added a list for social engineering.