Simone – A social media investigation

Speaking around the world about social engineering, one question comes up almost every time. Why is social engineering so successful? A key success factor in a targeted attack is good research, knowing the target and how to manipulate them. I have been gathering and analysing […]

Interview with DIGIT

Social engineering and social media risks

Here’s a link to an interview with DIGIT, who organise the excellent Scot-Secure event in Edinburgh (among many other things). It focuses on social engineering in the context of social media reconnaissance, manipulation and how to minimise your attack surface when using social media. Check it out here

Reconnaissance for Social Engineering: Tales from the Road

A case study in shoulder surfing; intelligence, risk and mitigation

When it comes to reconnaissance and open source intelligence, research often seems like a digital battle. Using endless pieces of software, sites and APIs, we use technology to fight for the data we want. It is easy […]

Can I borrow your swipecard?

[…so we can add 2,000 new admin accounts to your system]

This case involves an accountancy firm based in South East England. The firm had just lost a big client and as a result had to make some cuts which included letting a few members of staff go. Jamie had […]

Stay calm and (don’t) pay the hackers

This social engineering case study highlights how attackers can use curiosity, urgency and fear to manipulate victims into breaking company protocols and get a finance employee to willingly transfer £152,000 into the attackers’ bank account. Miranda worked in Finance for Troy Ltd. One morning she received an email with […]

The enthusiastic law student

This case involves a law firm based in the south of England. The firm was of a reasonable size and, like most law firms, held a lot of very sensitive customer data. One morning one of the solicitors received a Facebook message purporting to be from a young law student. The […]

Criminal Justice Evolution podcast

Patrick Fitzgibbons was kind enough to invite me on to his US-based Criminal Justice Evolution podcast. We talked about the social engineering threats facing businesses worldwide, how cyber-crime is evolving and the difficulty law enforcement faces when tracking down cyber criminals. There are also some excellent tips on how to protect yourself from this […]

The not-so-secret life of boarding passes

Another reason why posting your travel plans all over social media could put your security at risk.

Have you ever thought about what your boarding pass might say about you? I don’t mean “oh look at me, I’m flying in Emirates Business Class”, but what data you might […]

Podcast with Jenny Radcliffe – The Human Factor

I recently recorded a podcast with social engineer Jenny Radcliffe as part of her long-running Human Factor Podcast series. We had a broad-ranging discussion from pentesting to social engineering as well as tips for getting onto the speaking circuit. Here’s the link to the podcast: Jenny has interviewed many interesting people over the years, […]