The Art of Deception: Controlling the Human Element of Security
offices of the cellular phone service. In part, the conversation went like this:

    Receptionist: Good afternoon. This is Marie, how may I help you?
    Didi: Can you connect me to the Transportation Department?

    R: I'm not sure if we have one, I'll look in my directory. Who's calling?
    D: It's Didi.
    R: Are you in the building, or... ?
    D: No, I'm outside the building.
    R: Didi who?
    D: Didi Sands. I had the extension for Transportation, but I forgot what it was.
    R: One moment.

    To allay suspicions, at this point Didi asked a casual, just-making-conversation question designed to establish that she was on the "inside," familiar with company locations.

    D: What building are you in - Lakeview or Main Place?
    R: Main Place. (pause) It's 805 555 6469.

    To provide herself with a backup in case the call to Transportation didn't provide what she was looking for, Didi said she also wanted to talk to Real Estate. The receptionist gave her that number, as well. When Didi asked to be connected to the Transportation number, the receptionist tried, but the line was busy.

    At that point Didi asked for a third phone number, for Accounts Receivable, located at a corporate facility in Austin, Texas. The receptionist asked her to wait a moment, and went off the line. Reporting to Security that she had a suspicious phone call and thought there was something fishy going on? Not at all, and Didi didn't have the least bit of concern. She was being a bit of a nuisance, but to the receptionist it was all part of a typical workday. After about a minute, the receptionist came back on the line, looked up the Accounts Receivable number, tried it, and put Didi through.

    The Second Call: Peggy

    The next conversation went like this:

    Peggy: Accounts Receivable, Peggy.
    Didi: Hi, Peggy. This is Didi, in Thousand Oaks.
    P: Hi, Didi.
    D: How ya doing?
    P: Fine.

    Didi then used a familiar term in the corporate world that describes the charge code for assigning expenses against the budget of a specific organization or workgroup:

    D: Excellent. I have a question for you. How do I find out the cost center for a particular department?
    P: You'd have to get a hold of the budget analyst for the department.
    D: Do you know who'd be the budget analyst for Thousand Oaks - headquarters? I'm trying to fill out a form and I don't know the proper cost center.
    P: I just know when y'all need a cost center number, you call your budget analyst.
    D: Do you have a cost center for your department there in Texas?
    P: We have our own cost center but they don't give us a complete list of them.
    D: How many digits is the cost center? For example, what's your cost center?
    P: Well, like, are you with 9WC or with SAT?

    Didi had no idea what departments or groups these referred to, but it didn't matter. She answered:

    D: 9WC.
    P: Then it's usually four digits. Who did you say you were with?
    D: Headquarters--Thousand Oaks.
    P: Well, here's one for Thousand Oaks. It's 1A5N, that's N like in Nancy.

    By just hanging out long enough with somebody willing to be helpful, Didi had the cost center number she needed - one of those pieces of information that no one thinks to protect because it seems like something that couldn't be of any value to an outsider.

    The Third Call: A Helpful Wrong Number

    Didi's next step would be to parlay the cost center number into something of real value by using it as a poker chip.

    She began by calling the Real Estate department, pretending she had reached a wrong number. Starting with a "Sorry to bother you, but ..." she claimed she was an employee who had lost her company directory, and asked who you were supposed to call to get a new copy. The man said the print copy was out of date because it was available on the company intranet site.

    Didi said she preferred using a hard copy, and the man told her to call Publications, and then, without being asked - maybe just to keep the sexy-sounding lady on the phone a little longer - helpfully looked up the number and gave it
