Hello, Dave? My name is Larry Smith and I am calling from WZT, the company handling RTD’s HR. There have been a number of complaints regarding the on-boarding process. Now how long have you been with this company?
– Three months.
Ok, great, so when you started what kind of training were you provided?
– We had one training session.
Ok, great and what are your working hours:
– 8 – 5, lunch break with two smoking breaks
And for payroll what schedule are you on bi-weekly, twice a month, once a month?
– Twice a month
Ok great, now you mentioned a lunch break, do they have working vending machines at your location, we had complaints that some are broken?
– Yeah. We have vending machines with soda and candy
Ok great. And as far as the smoking break, I know you have a smoking area behind the building, do you happen to know what name is on those dumpsters?
– Yeah it’s Leroy’s Trash Services
Ok, great you’ve been so helpful, can I get you to open a website in your browser so I get credit for calling you today with my manager, could you go to seork.org.
– Ok the website is not showing up.
Wow, really. Hmm what kind of browser are you using …
This was one of several calls I heard in the Social Engineering Village at DEFCON. There is an annual capture the flag competition where contestants make calls from a sound proof booth to real people in order to extract information listed on a sheet of paper. This year’s list: payroll frequency, vending machine contents, trash contractor, browser name and version, pdf reader name and version, hardware name and version and some other things, all innocuous to protect the innocent. This particular caller was extremely effective, my poor dialogue above does not truly depict how awesome this guy was. Fortunately we are not allowed to record anything in the room to protect STB and Dave (not his name). STB is also a name change. What makes the competition even more awesome is that “Larry” is not calling some mom-and-pop. “Larry” is calling STB, one of the most known security companies on the planet.
After the call is over the panel of judges discusses the pro’s and con’s of “Larry”‘s approach. His bold direct pretext (the SE term of the cover story) wins high praise. The lack of training for Dave by this security company is discussed. The next contestant is in the booth:
Hello this is Katie, I am wondering if you can help me. I work for a startup here in Oregon (the phone number on caller id is now from Oregon). My boss is pitching investors on Monday and I have a huge gap in our report about your Firewall and Anti-Virus offerings …