- Posted September 24, 2013 by
This iReport is part of an assignment:
How much loss of integrity? Social engineering hack exploits store manager
A small town manager recently became the victim of hacking after he experienced a social engineering scheme. The store and manager’s name and store are being kept private for financial and legal reasons.
The store manager stated he received a call from a “Will Ipsom” claiming he wanted to offer him the opportunity to take advantage of a massive government contract.
Ipsom covered the fact that he was seeking local merchants to fulfill his logistics quota. The scheme included the specifics of a required store visit and some in depth questioning on store operations.
Details extracted included third party vendors, pay structure for employees inclusive of scheduling, and standards of operations for management. The phishing scam spanned network information with particulars on operating system, browsers, and even security software.
Toward the end of the call Ipsom guided the store manager to a web address where he was detailed how he should fill out an online survey to prep for Ipsom’s store visit. Upon attempt to visit the website the manager found it blocked. Ipsom stated that IT must have failed to unlock the site and he would contact them to render a solution.
“Looking back, I didn’t even suspect it could be a malicious event”, says the manager. Ipsom indicated he would follow up the next day with further details on his arrival to the store. After no follow up from Ipsom and details from the store’s network linked to a breach of data tied to traffic logs associated with the store manager’s username, dates, and times the store's IT security department got involved.
Just how much data was lost and how long the hacker was inside the network is vague an IT representative indicates. The representative went on to mention “the loss of integrity to the system is huge and the amount of compromised data is unknown.”