Global Security, Privacy, & Risk Management

InfoSec 101: Social Engineering December 17, 2011

I just received a call from a friend of mine who wanted to talk about a phone call they had received.  A person with an Indian accent called their house from 999-901-3307 and explained that he worked with Microsoft and that their computer: “was infected with a number of viruses.”  He asked them to visit a few screens and verify some ‘warnings’.  He then asked them to allow him to access their computer to fix the issues.   Luckily my friends were savvy enough to hang up the phone and not provide access.  This is a classic example of what we call Social Engineering.  Many people mistakenly believe that the easiest way to ‘hack’ or compromise a computer system is through technical means.  In reality, it is often quicker and easier to simply have someone ‘invite’ the hacker into the system.  If you ever receive a call, email, letter or any other communication from someone professing to be from Microsoft or some other vendor, you are well served to hang up.  They will not call you directly, and without your request, to ask for access to your computer system.