An intruder has gained access to the offices of a FTSE-listed financial services firm and duped staff into handing over sensitive information, including staff usernames and passwords, during a social engineering exercise.
It is so easy to do if you just feel confident about yourself - I recall visiting a Client on the outskirts of Paris, and finding myself at 11am in an unattended Office suite, looking at the Laptop of the Financial Director of a large Pharmaceutical Company,
reading his Q1 Cash Flow Forecast, with no ScreenSaver having kicked in - and no-one ever challenged me.
Another time I was visiting a Financial Services Company in Leeds, and was impressed by their due care within the office to ensure that confidential waste paper was deposited in secure containers. But the next morning I saw the local Security firm park their
pickup truck unsecured & unattended in the car park, so to prove I could do it I climbed into the back of the truck (ostensibly as if to steal the confidential waste already in there) and no-one challenged me. The truck was covered by CCTV, but I could see
that the on-site Security Guard had left his command post to go and unlock the room where the confidential waste had been stored overnight.
In both instances my colleagues who with me were paranoid we were going to be arrested, but nobody batted an eyelid.
A great post and one that reminds us where the real danger lies.
Just a quick note to he Brighton guy - I'm uneasy about what you did.
You may have been well intentioned, but it could have seen you prosecuted. I understood why you say you did it, but how could you prove you hadn't got maliscious intent?
Would you take a stranger's purse just because you saw she had an open handbag, or move a car because someone left the keys in it?
To respond to the latter comments :
if I see a car with the keys in the ignition and I knew the owner I would take the keys to stop it being stolen
if I saw a handbag belonging to a co-worker lying unattended on the desk I would move it and put it out of sight in a desk drawer
if I saw a PC still switched on after 6pm when the owner has gone home I will switch it off, and if its unsecured I will remove it and lock it away.
Its called looking after your friends, neighbours & colleagues.
Excellent salary with uncapped commissionMilton Keynes
© Finextra Research 2013