IT Security Horror Stories: Tale of the Fake IT Rep

October 29, 2012, Mike Weber, Vice President, Coalfire Labs

Image: IT security horror stories
Some IT security monsters aren't as obvious as a Mummy

At Coalfire Labs, we discover—and help our clients address—some pretty scary security
and compliance problems. There are lots of deceptive monsters looking to exploit the weaknesses of their victims. This is one of those terrifying but true stories...

The Tale of the Fake IT Rep

It was a snowy day, and a company’s employee received a phone call from “an
IT rep” at “headquarters.” After describing the harrowing experiences on the snowy roads, the IT rep let the employee know that he was calling about a reported virus on the employee’s system.

The IT rep then asked how the employee’s computer was performing. In typical fashion, the employee said the system was slow. The IT rep then explained that according to company policy, the process for handling this problem was to allow access from the IT rep’s workstation to analyze the computer (“You’ve read the employee handbook, right?” “Of course”).

The impersonating IT rep then asked for the employee’s username and password, and after a short period stated that it appeared the system was clean, but that he would likely need to call others in the location to do the same thing. He asked for the floor supervisor. The floor supervisor agreed to coordinate this task and offered to gather everybody’s credentials and provide them to the IT rep. The floor supervisor returned with just over a dozen user credentials (it was a snowy day, so it was a thin crew).

The IT rep thanked the floor supervisor, took the supervisor’s name and number, and promised to call back when the analysis was complete. As he said, it was most likely just a false alarm.

Stories like these are more common than people imagine. Let Coalfire Labs help you identify the weaknesses—human and technological—in your IT risk management program and keep you safe in a frightening world.

Have a scary story of your own? We'd love to hear your story and help you combat your IT monsters!

*Promotional photo of The Mummy, Boris Karloff, Universal Studios, 1932

Learn more about Coalfire Labs:
Penetration Testing
Vulnerability Scanning & Assessments
Social Engineering
Application Security

Read our other IT Security Horror Stories:
The 100 Million Dollar Getaway
The Ghosts Inside
Breaching a bank in 20 minutes

Past Horror Stories
Truth is SCARIER than Fiction Redux
Is your Network an Unsegmented Haunted House?
Digging your own grave with Default Credentials
Slow Network, Big Phish
The Case of the Phantom Blood Red Team
A Tale of Spooky Hosted Images
Ghost in the Machine
Tale of the Fake IT Rep
Truth is Scarier Than Fiction
The Case of the Phantom Technician

Mike Weber

Author

Mike Weber — Vice President, Coalfire Labs

Recent Posts

Post Topics

Archives