One of the more interesting events at this year's Defcon hacker conference in Las Vegas late last month was a social-engineering contest that targeted big companies like Microsoft, Google, and Apple. Participants pretending to be headhunters and survey takers were able to trick employees at the companies into giving out information over the phone that if it landed in the wrong hands could be used to sneak malware onto machines at the company or otherwise get access to the company's data.
The contest proved a number of things. That it is easy for strangers to get potentially sensitive information over the phone if they have a good ruse. That workers at companies, even tech companies that spend a lot of time and resources protecting their networks from hackers, were practically handing over the keys to the data storerooms without knowing it. And that humans are the weakest link in the security ecosystem and yet many corporations fail to recognize that.
A superb read about social engineering 101 by Chris Hadnagy. Enjoy