top | item 31728121

(no title)

This stuff is still incredibly easy to do to this day. I was the general manager of a retail office store chain and we would frequently have calls come in forging fake complaints but asking for the district or regional manager's first and/or last name. The attacker would then call another store in the region claiming to be "Mr. Head Manager".

Most associates knew or had seen the names (they were required to be posted in the break room) but often times never met the people in question. The attacker got associates and other shift/associate managers to do everything from giving up secure information on the registers to ring up gift cards.

It was happening two to three times a week in our district at times despite weekly training and conference calls on the subject. Some people are just born to be duped.

discuss

swatcoder|3 years ago

> Some people are just born to be duped

Nah, all people are born to be duped. Nobody can be vigilant all the time. There's a point where you have to let down your guard and trust that there's no monster ready to pounce on you from the shadows. Vigilance has its own costs that often work against the tasks at hand, and can really fry your body if held high for too long.

As GM you may have been especially vigilant about this issue because you saw yourself as the steward of your store(s), but those associates weren't in the same position and were bound to be more lax on net.

It doesn't sound like these social engineering attacks tanked the company, so whatever dynamic existed between everyone seemed to work adequately.

formerkrogemp|3 years ago

It doesn't hurt that retail stores in the US pay dirt and shit for wages.