Tips: Watch Out For Criminal Social Engineers

Halock Security Labs, an information security organization, warns all companies with a physical location and Internet presence to make sure security policies and procedures are strictly enforced during the holidays, because criminal social engineers are out shopping for others' confidential data. Offices are particularly vulnerable in times of increased social activity, like the holidays, because employees are accustomed to seeing new faces, new vendors, receiving many e-mail solicitations and disclosing personal financial information online while shopping.

Halock specializes in ethical hacking and social engineering -- at a client's request, to test a company's physical and Internet vulnerabilities. In one recent instance, a Halock employee was able to enter the corporate headquarters of one of the country's largest financial institutions and gain almost complete access to the company's sensitive data simply because he was carrying a cake.

"When asked what he was doing, our man simply said. 'I have cake,' and nobody wants to impede the progress of a nice looking cake -- right?!" said Jeremy Simon, Halock's CTO.

"Social engineering is typically defined as the skillful exploitation of the natural human tendency to trust. This engineering can come through an actual physical interaction, through an e-mail, as in phishing schemes or online, through falsified websites. The criminal social engineer is out to con someone into giving up credentials that can ultimately be used to generate or gain access to sensitive information," said Terry Kurzynski, CEO, Halock Security Labs. "And during the holidays companies are inundated with strange names and faces in the form of guests, delivery people, greeting cards, special offer Web sites -- the list is endless. Some of these guests are quite unwelcome," he adds.

What can a company do to make sure that they don't inadvertently let the Grinch spoil Christmas?

Here are a few techniques that Halock Security Labs recommends:

  • Stick to your policies and procedures. Carefully track visitors coming and going into your facility. If you don't recognize someone or they are not displaying the correct badge or ID, ask them their purpose and who they are working with. It will become clear if they belong within the walls of your organization.
  • If your organization has a clean desk policy and/or a system lock policy for unattended systems, be sure to enforce those policies. Shred documents that contain confidential or sensitive data. This goes for home and work. Identity thieves pray off of the garbage can. Criminals that have socially engineered their way into an organization will be looking for low hanging fruit including paper documents or systems left unattended. They may try to quickly install a malware program on systems left unlocked and potentially gain administrative rights remotely to that machine.
  • As for your online shopping this holiday season, be sure to locate the little picture of a lock the on bottom of Web pages whenever you provide private information, including credit card numbers, name and address. Be especially careful of phishing attempts to get your password, social security number, account number, or credit card number based on an e-mail that has arrived in your inbox. Never click on hyperlinks in e-mails unless the message comes from a trusted source (and even then, be careful.) And don't ever give out your password, credit card number or social security number via e-mail.

Featured

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

  • Report: Cyber Attackers Continue to Turn to AI-Based Tools to Avoid Detection

    Comcast Business recently released its 2025 Cybersecurity Threat Report, a comprehensive analysis of 34.6 billion cybersecurity events detected between June 1,2024 and May 31, 2025. Now in its third year, the report offers business leaders a unique perspective into the evolving threat landscape and provides actionable insights to help organizations strengthen their defenses and align cybersecurity with business risk. Read Now

  • Axis Communications Creates AI-powered Video Surveillance Orchestra

    What if cameras could not only see the world, but interpret it—and respond like orchestra musicians reading sheet music: instantly, precisely, and in perfect harmony? That’s what global network technology leader Axis Communications set to find out. Read Now

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX
  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.