Social Engineering Expert: Attack on GoDaddy Highlights Importance of Employee Security Training


By Scott Greene

An employee of the website hosting company and Internet domain registrar GoDaddy was tricked into giving a black hat hacker information that could allow the hacker to take over a customer’s domain names. This incident further illustrates that employees can be the weakest link in an organization’s security.


The hacker successfully extorted a prized Twitter name, “@N”, from the GoDaddy customer, Naoki Hiroshima, after Hiroshima’s domain names were hijacked. The hijacked domains included his primary email address, which allowed the hacker access to Hiroshima’s Facebook account. Hiroshima claims that the @N Twitter name is worth as much as $50,000.
 
GoDaddy said the hacker knew lots of personal information about Hiroshima when he contacted the company employee.
 
"The hacker then socially engineered an employee to provide the remaining information needed to access the customer account," Todd Redfoot, chief information security officer for GoDaddy, said in a statement emailed to CruxialCIO.
 
GoDaddy helped Hiroshima regain control of his GoDaddy accounts and the company says it is helping him get back other services that were lost in the attack.
 
"We are making necessary changes to employee training to ensure we continue to provide industry-leading security to our customers and stay ahead of evolving hacker techniques," Redfoot said.
 
The incident demonstrates the importance of ongoing employee training in the area of social engineering. Employees need to understand that hackers will use questions in person, on the phone, and in email to gain information that can be used against an individual as well as the organization.
 
Security training is key to keeping organizational information as well as facilities safe. Hackers will often send phishing emails to employees, designed to trick recipients into opening malicious attachments or clicking on links that take the user to websites that install malware onto the user’s computer. One example of this caused a law firm’s trust account to be drained of six figures.
 
Prevention: Train employees often about security, social engineering and other risks that they face. Organizations should also conduct regular risk assessments and penetration tests to determine how well employees will react to different types of situations.

 

Evidence Solutions, Inc.
