Lately there have been a lot of news reports about the increase in social engineering attacks against companies. Just take a look at this article we archived from ThreatPost.com entitled “Attackers and Phishers Still Winning the War.”
It brings to light some very interesting facts… malicious social engineers are looking at what is “bothering” people and then offering information and/or solutions if “you just click here.” Everything from money help for the economic woes people are experiencing right down to cures for the H1N1 virus. It makes a further valid point, that the users are the ones who are to blame. We take a less strict stance here at social-engineer.org. We feel that too many people are in fear and having life problems, and they WANT a solution. Due to that, they click… they browse… they download. Why? Because maybe, just maybe, there is a solution at the other end of that link.
This brings us to our main story for today. Even though this is an older story, it is an “oldie but goodie”… It was archived on our site from www.wired.com.
AOL, yes AOL again. A social engineer called AOL’s tech support and somehow convinced the support rep to accept an EXECUTABLE file then… wait for it… wait for it… YES, execute the file. When the file was executed, it connected the support user’s computer to an IRC channel and allowed the hacker to issue commands.
Those commands allowed the hacker to gain access to Merlin, AOL’s internal database, as well as over 35 million accounts.
Another attacker called in pretending to be a user who just had mouth surgery and only had the screen name. When he mumbled the user info over and over, the rep finally got frustrated and gave him the information he needed. After a few calls he was able to obtain a full user account with password change.
This article truly shows major weaknesses in the way call centers operate and reveals weaknesses that will and DID bring major companies to their knees.
We are scouring the Internet for more stories. Keep sending in your links and we hope you enjoy reading.
On another note… did you see this great little thing Google has done? Go to www.google.com and just hit “I’m feeling lucky” with nothing in the search box and see what happens.
It’s a countdown… we will let you figure out what it is for.
Till next time.