It’s 7:30pm and you’re finally leaving the office. On your way out, you notice an unknown person in one of your company’s conference rooms with three laptops open. This is not a scenario any CEO would wish for. However, it’s exactly what happened to Dr. Samuel Straface, the CEO of Medrobotics. There is no record of the intruder, Dong Liu, in the Medrobotics visitor log. He apparently tailgated his way through the front door and blended in with the rest of the staff. This illustrates a point we often make: “looking the part,” whether by posing as an employee, vendor, or delivery service, is often all it takes for an intruder to blend in and gain unauthorized access. Impersonation attacks like this one are more common than you might think. Let’s look at a few that recently made the news.
Impersonation attacks in the news
A man in Poland robs multiple stores in a shopping mall after it closes for the night. How he gained access is quite unique. The accused man stood motionless in a storefront window posing as a mannequin, waiting for the mall to close. Police said, “mall staff and shoppers didn’t notice anything unusual at the time, claiming the man blended in with the other mannequins.”
A woman in Grand Rapids, Michigan, has been federally indicted after allegedly posing as a registered nurse to defraud her employers. Letticia Gallarzo used the Michigan licensing number and the name of a person licensed as a nurse to get a job as a registered nurse at a Grand Rapids nursing home and hospice facility. Despite not having a valid nursing license or a degree of any kind in nursing, Ms. Gallarzo blended in. “As alleged in this case, the defendant recklessly and willingly put the lives of innocent patients at risk,” FBI Special Agent in Charge Cheyvoryea Gibson said in a statement.
In Coral Springs, Florida, two young people pry open the doors of a Walmart store after closing hours. Wearing Walmart logo vests, they were hoping to blend in and “gather miscellaneous items.”
Social Engineering Security Assessments
To mitigate the threat of impersonation attacks, Social-Engineer provides security assessment services. We deploy professionally trained social engineers for onsite impersonation testing of your vendor/visitor access policies and physical perimeter security. We offer this service for either day or night testing. This is a full-scope program with multiple layers which may include badge cloning, credential harvesting, and network control. Or you can augment your internal red team with our trained and professional social engineers. We will work together with your internal team to test the human element of your network through remote consulting, feet-on-the-ground, and/or initial access testing through social engineering vectors.
Are you curious how our expert social engineers prepare for and execute an onsite security assessment? Listed below is an insightful behind-the-scenes experience from one of our expert social engineers.
Shelby Dacko, Human Risk Analyst for Social-Engineer, describes her latest on-site security assessment assignment – Across A River.
Test. Educate. Protect.
Stay one step ahead of the criminals by educating and regularly testing your employees for possible physical security vulnerabilities. Contact us for a consultation today.