“Hi, this is Robert Downs from Dell support — I got redirected to this number by accident by the guy I called, is this Guy?”
“Hi Robert — I’m the receptionist, Donna, I could redirect you to Guy — do you know his extension?”
“Well he said he was pretty busy but I just need a few generic questions to close out this help ticket so I can go home — do you think you can help?”
“Uh, I don’t know…”
“Please? It’s after 7 here and I really got to go home. It’s just a second”
“Um. Ok, sure.”
What operating system do you use?
>XP
What web browsers do you have on your PC?
>Firefox 2.0 and IE6
Do you use Outlook?
>No, we use a webmail
When was the last time you updated?
>The IT team does updates every Tuesday night.
What version of Acrobat Reader do you have?
>7
What’s your antivirus/endpoint security brand?
>McAfee endpoint security.
…
It might not look like it at first, but Mr. “Downs” from “Dell technical support” is a hacker who has just gathered enough reconnaissance to compromise users and servers inside the target company, an act that costs US companies an average of $6,751,451 per data breach incident, according to a Ponemon Research study.
A good hacker knows that a good hack involves three things:
- Vulnerability
- Exploitation
- Maintenance of access
For more see: