<Alice> Good morning, this is Company’s Technical Support. I am Alice speaking. How can I help you?

<Bob> Hi, good morning Alice, this is Bob Davis, Head of Marketing and Sales. I am in the middle of a presentation with one of the biggest customers in our state, but I am unable to access my account remotely. Can you please reset my password?

<Alice> Uuuh, sir, I am not sure I can do that now.

<Bob> I need to demo our latest emailing system or we will lose this opportunity. Do you want our company to lose this million-dollar contract over a stupid password? I am unable to RAS in right now & I can’t keep my customer waiting any more. Our company’s reputation is at stake. Now can you get this thing done for me???

<Alice> Hmm, ohh, OK sir, give me a minute & I will reset your password.

<Bob> Thanks a ton! Appreciate your help Alice. My account name is smartbob

<Alice> Your password has been reset. Please try connecting now. It is Qa89%500

<Bob> Got that. Thanks again.


Above is a typical case of a social engineering attack. This kind of attack can only be mitigated by user education and awareness. Technology can aid in protection, but it has its own limits. Vista has some cool features to protect users from falling into an attacker’s trap.

Learning how to spot social engineering techniques is the next step and the new Windows Vista operating system makes that easier to do:

Internet Explorer 7 is available for Windows Vista and has a Phishing Filter built in that scans and alerts users to potentially harmful phishing sites.

Windows Vista Parental Controls help prevent children from downloading unwanted software.

Windows Defender helps you avoid spyware and other malicious software that can be part of a social engineering scam.

User Account Control built into Windows Vista requires your consent before allowing a potentially dangerous program to run. This helps reduce the impact of viruses, spyware, and other threats you might encounter through social engineering.


More information @ http://www.microsoft.com/athome/security/email/socialengineering.mspx