being conned (Score: 5, Insightful) by rocks@pipedot.org on 2014-03-20 12:35 (#Q2) is something I have experienced a bunch of times, probably more times even than I know, some of the events being so ridiculous that I can't even picture myself doing what I did. Most of the time I am pretty sceptical and careful with strangers, but basically a variety of human conditions such as feeling happy and safe, being depressed, being very tired, being distracted, and so on can bring your guards down for external reasons and they don't get back up in time when a con arrives at your doorstep. I have since acquired a lot of sympathy for people who get conned because usually they are not ridiculously stupid. Instead, they generally had their guards down for external reasons and made a mistake, a mistake they can easily recognize in hindsight and not repeat in the future, and it usually accomplished little to berate the momentary stupidity.That said, the discrepancy between the physical security and chat security in this case is remarkable for people managing a financial business. Secure protocols appear to have been missing in this case and could have helped? Re: being conned (Score: 2, Informative) by andycal@pipedot.org on 2014-03-21 01:30 (#QK) Seems to me it took a lot more than just opening up a chat session. The attacker needed to know enough about the infrastructure to guide the attack. I suspect either an inside job, or at-least some other inside connection, perhaps the part we know about was only part of the social engineering.I've always been shocked at how easy it is defeat security with a few words.To the hotel clerk at the front desk around 2 in the morning: "I left my room key in my room, Can you make me a key for Room number ####?"I stood ready to produce my photo id, or at-least give the name on the room... neither was asked for . Re: being conned (Score: 1) by rocks@pipedot.org on 2014-03-21 12:24 (#R1) Your inside job hypothesis is probably worth pursuing... I hadn't thought about that angle, but maybe that is how someone could portray knowledge that fit being the business owner.
Re: being conned (Score: 2, Informative) by andycal@pipedot.org on 2014-03-21 01:30 (#QK) Seems to me it took a lot more than just opening up a chat session. The attacker needed to know enough about the infrastructure to guide the attack. I suspect either an inside job, or at-least some other inside connection, perhaps the part we know about was only part of the social engineering.I've always been shocked at how easy it is defeat security with a few words.To the hotel clerk at the front desk around 2 in the morning: "I left my room key in my room, Can you make me a key for Room number ####?"I stood ready to produce my photo id, or at-least give the name on the room... neither was asked for . Re: being conned (Score: 1) by rocks@pipedot.org on 2014-03-21 12:24 (#R1) Your inside job hypothesis is probably worth pursuing... I hadn't thought about that angle, but maybe that is how someone could portray knowledge that fit being the business owner.
Re: being conned (Score: 1) by rocks@pipedot.org on 2014-03-21 12:24 (#R1) Your inside job hypothesis is probably worth pursuing... I hadn't thought about that angle, but maybe that is how someone could portray knowledge that fit being the business owner.