I’d read about social engineering for a few years before I first stepped into the Social Engineering Village at DEF CON 20. But I didn’t grasp the power of this type of attack until I watched a live call during which employees of major companies simply offered up all the information needed to breach their systems – no technology required. I was hooked. In case you’re not familiar with social engineering, it’s defined simply as “any act that influences a person to take an action that may or may not be in their best interest.”
A couple of years later, I decided to participate in the Social Engineering Capture the Flag competition at DEF CON. My first attempt, I gave 100 percent effort, but during the call phase of the competition, in front of hundreds of people, I got zero points because I could not get anyone on the phone. Despite that, I decided to sign up yet again this year. Armed with determination and a lot of OSINT (open source intelligence), I lucked out this year and had two su

http://www.veracode.com/blog/security-news/how-single-phone-call-can-compromise-your-company