Between June 2015 to February 2016, a 15-year-old was able to break into the private email accounts of the Director of the CIA and the US Director of National Intelligence. He was able to do this via phone by posing as a Verizon employee in order to trick the company into sharing personal information about his victims, resetting passwords, and changing security questions.
This technique provided access to the CIA Director’s emails, contacts, iCloud storage, and his wife’s iPad, as well as plans for intelligence operations in Afghanistan and Iran. He also targeted other victims in the Department of Homeland Security, FBI, White House, and the US Department of Justice.
While this may be an extreme example of a successful social engineering attack, it highlights the fact that anyone and everyone is at risk of falling prey to strategic deception methods.
In this episode of the InSecurity Podcast, host Matt Stephenson is joined by special guest Jenny Radcliffe, Head of Training and Consultancy at JennyRadcliffe.com, who explains how adversaries using psychological methods can be a huge threat to organizations, and how understanding the methodologies employed are a valuable tool for security professionals for defending against social engineering attacks, scams, and cons of all kinds.