Social Engineering

I found this very disturbing article from Techmemeorandum about using social engineering to compromise an organisations security defences, the troubling part about this example was how easily the defences were breached. As seen in this quote they had 75% success rate allowing them access to a vast number of systems in the target organisation.

After about three days, we figured we had collected enough data. When I started to review our findings, I was amazed at the results. Of the 20 USB drives we planted, 15 were found by employees, and all had been plugged into company computers. The data we obtained helped us to compromise additional systems, and the best part of the whole scheme was its convenience. We never broke a sweat. Everything that needed to happen did, and in a way it was completely transparent to the users, the network, and credit union management.

The troubling part in this example is the USB thumb drives in question are very popular in organisations as productivity devices.