Earlier this year, we discussed the dangers of social engineering and that the effectiveness of the tactics were being revealed at the DEFCON conference. Through the Social Engineering Capture the Flag contest, social engineers were put to the test of capturing company information from employees over the phone and online. Each piece of information captured was worth points or “flags with the goal of achieving as many flags as possible. Some examples of the questions the social engineers ask are; What anti-virus system is used? What operating system and version they use? Do they have a cafeteria? and asking the target to visit a fake URL over the phone (one of the larger point items).
The calls were made, the crowd watched along, and now the results of the contest are in! What companies were targeted? What information did employees hand over to the callers? Our partner, Social-Engineer, Inc., is hosting a webinar to review the results and info associated with the contest.