While the story might not be true, it highlights that people are the weakest link. For instance, why didn't the secretary press the "suit", "contractor" and "construction worker" a bit harder? Then there is process. A process might ask visitors to sign a sign-in book and then supply a business card that can be verified by checking the name, address, etc. against a printed phone book. The weakness of a social hack is its legend, or background story. The harder you dig, the weaker a deception should appear if it's false.
The key to this social hack is gaining the confidence of the secretary (suits, clipboards, plans) while, at the same time, organising a false scenario and making sure the secretary does not link any of the incidents together: "Mitigating the social engineering threat" (Kevin Mitnick) ~ http://blogs.techrepublic.com.com/security/?p=3443
These are some of the keys to executing the "long con" ~ http://www.bbc.co.uk/drama/hustle/con_jargon.shtml