Sign up to save your podcasts
Or
Share 2019-029-dissecting a real Social engineering attack (part 1)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
2019-029-dissecting a real Social engineering attack (part 1)
Intro - Ms. DirInfosec “Anna”
Call Centers suffer from wanting to give good customer service and need to move the call along.
Metrics are tailored to support an environment conducive to these kinds of attacks
https://en.wikipedia.org/wiki/Social_engineering_(security)
Social engineering will prey on people’s altruism
“Pregnant woman needing help through the security door”
“Person on crutches”
“Delivery person with arms full”
“Can’t remember information, others filling in missing bits”
Call Center Reps are _paid_ to be helpful. “Customer is never wrong”
Creating a sense of urgency to spur action
Real-life scenario: "bob calls asking about status of an order"
Questions:
- What were you doing for training prior to these calls? (it’s alright if you weren’t doing anything) :)
Pre-training audio (#1 and #2)
- What was their reaction about the calls received?
- Did the training take the first time?
-
- What difficulties did you have after the first training?
- ‘Getting better Audio’ (#3)
- Fake calls?
- Show examples?
- Talk about the training, what kind of training:
- Post audio (#4 and #5)
- How did your call center reps handle the training?
- For a business standpoint, what had to be changed to accommodate the new processes
https://www.pindrop.com/blog/tackling-113-fraud-increase-call-centers-webinar-recap/
https://www.bai.org/banking-strategies/article-detail/beating-crooks-at-call-center-fraud
@consultingCSO on twitter
Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email [email protected]
#Brakesec Store!:https://www.teepublic.com/user/bdspodcast
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: [email protected]
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon
https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec
View all episodes
By Bryan Brake, Amanda Berlin, and Brian Boettcher
4.7
9898 ratings
Intro - Ms. DirInfosec “Anna”
Call Centers suffer from wanting to give good customer service and need to move the call along.
Metrics are tailored to support an environment conducive to these kinds of attacks
https://en.wikipedia.org/wiki/Social_engineering_(security)
Social engineering will prey on people’s altruism
“Pregnant woman needing help through the security door”
“Person on crutches”
“Delivery person with arms full”
“Can’t remember information, others filling in missing bits”
Call Center Reps are _paid_ to be helpful. “Customer is never wrong”
Creating a sense of urgency to spur action
Real-life scenario: "bob calls asking about status of an order"
Questions:
- What were you doing for training prior to these calls? (it’s alright if you weren’t doing anything) :)
Pre-training audio (#1 and #2)
- What was their reaction about the calls received?
- Did the training take the first time?
-
- What difficulties did you have after the first training?
- ‘Getting better Audio’ (#3)
- Fake calls?
- Show examples?
- Talk about the training, what kind of training:
- Post audio (#4 and #5)
- How did your call center reps handle the training?
- For a business standpoint, what had to be changed to accommodate the new processes
https://www.pindrop.com/blog/tackling-113-fraud-increase-call-centers-webinar-recap/
https://www.bai.org/banking-strategies/article-detail/beating-crooks-at-call-center-fraud
@consultingCSO on twitter
Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email [email protected]
#Brakesec Store!:https://www.teepublic.com/user/bdspodcast
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: [email protected]
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon
https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec
More shows like BrakeSec Education Podcast
View all
Security Now (Audio)
2,011 Listeners
CyberWire Daily
1,028 Listeners
Smashing Security
317 Listeners
Strict Scrutiny
5,832 Listeners