Network technician for a mid-size company.

 

 

Assume you are a network technician for a mid-size company. You’re often at the office on Saturday afternoons to catch up on work without disruption. You get a phone call from a person who identifies himself as the new assistant to a company vice president. He says the VP is traveling internationally and needs access to certain sensitive files on the server but cannot access it.

The assistant needs the VP’s network credentials to locate the files, and he is worried he will be fired if he doesn’t get the information quickly. You’ve never spoken directly to the VP and are not familiar with the assistant.

Answer the following question(s):

1. You are not sure if this is a legitimate request or a social engineering scam. What is the best way to handle this situation?

Sample Solution

This situation has all the hallmarks of a social engineering scam. Here’s the best course of action:

  1. Do not provide any network credentials. These are highly sensitive and should never be shared over the phone, especially with someone you don’t know.

  2. Verify the Request:

    • Contact the VP directly, using a verified method (phone number or email you know is theirs). Explain the situation and see if they indeed require access and sent an assistant to request credentials.
    • If you can’t reach the VP:
      • Contact the company IT department. Explain what happened and ask them to verify the request through official channels. They might have a protocol for such situations.
      • Inform the caller: Let them know you cannot provide credentials without verification and offer to connect them to the IT department for further assistance.

  3. Educate the Caller (if it seems genuine):

    • If the call seems to be from a new, unaware assistant, politely explain the company’s security protocols and the dangers of sharing credentials.
    • Provide them with the proper channels for requesting remote access (e.g., contacting the IT Helpdesk).

  4. Report the Incident:

    • Regardless of the caller’s intent (scam or genuine mistake), document the entire interaction and report it to your IT department. They can investigate further and take necessary steps to prevent similar attempts.

Remember: When in doubt, err on the side of caution. Protecting your company’s network and data is paramount.

 
