The recent publication of the second batch of corporate e-mails exchanged between HBGary and HBGary Federal executives and various contacts in US intelligence, military and law enforcement organizations is a godsend to individuals who aim to launch social engineering attacks against those people, says expert Chris Hadnagy.
The e-mails contain a variety of personal and business contact information for individuals who work for the various US intelligence agencies and the Air Force and for other high-ranking government officials, and can also be used to extrapolate a likely web of social and business contacts between them and the business community.
The topics of the e-mails themselves offer a great deal of useful knowledge about the organizations’ and the individuals’ needs and ways of thinking – knowledge that can be deadly in the hands of an adept social engineer.
According to ThreatPost, Hadnagy recommends a number of actions to the organizations that employ these individuals. The first thing to do is to subject those employees to intensive training and to tests simulating realistic and likely social engineering attacks.
Secondly, they should change all the compromised e-mail accounts and use them only to analyze social engineering attempts that land in their inboxes. But they should also keep in mind, and warn the employees about, the possibility of social engineering attacks through other forms of communication – by phone or direct, face-to-face contact.