Escalating privileges with physical access
While writing this chapter, Bo was asked by a friend for help: he needed SYSTEM access to their laptop. The friend had received a call from a social engineer who claimed to be from Microsoft and said that the friend had a problem on their computer. The pitch was that the "Microsoft engineer" had somehow noticed that the friend's PC was infected and was there to help. After destroying files on the laptop, the caller locked the system with a password and locked out all the accounts except the one that was used during the exploit, then demanded $199.00 for the password. Even a smart and knowledgeable person can be caught by a good social engineering con. This shows the power of social engineering and also proves that people are the weakest link in security. We have obtained people's passwords just by asking for them when we were doing social engineering tests of security awareness at various companies.
As explained, the system is locked...