A person called into my organization’s Help Desk from a remote facility. It got flagged as a social engineering attempt.
– Caller was asking for a password reset
– They knew the user’s name
– They did not know the user’s userid
– When repeatedly asked to spell the name, they continually made 2 separate spelling errors
– They suggested there had been a power outage and the PC had rebooted
I assumed they didn’t know the userid because they had been given the real person’s password (most likely by the real person in violation of policy) to use and had just kept unlocking/locking the PC. The power interruption caused a reboot. Now, to log in, a userid was required.
I was pretty sure we had two different security issues: Person A gave out their password (a security violation) and Person B used it and pretended to be Person A.
I informed management and HR.
The verdict: The person was just a total dumb-ass. They had forgotten their userid, and they were spelling their own name wrong.
My suggestion to HR that, if the person couldn’t spell their own name correctly, then perhaps the company would be better off without them was met with a cold look. So, I think from the HR PoV, I just became the villain of the security incident instead of the incident handler.
Update: I am pretty sure HR got snookered and the violators got away with it.