 
Bankrate.com
 
 
 
Jim Stickley: Dumpster diver, crime fighter

He digs in garbage, likes to play dress up and has more fake IDs than a teenager.


It's all part of the job for Jim Stickley, whose duties as the chief technology officer and vice president of engineering for TraceSecurity, a Baton Rouge, La., security compliance software firm, include elaborate social-engineering schemes designed to test the security of bank branches he and his team are hired to assess.

The point of social engineering, he says, is getting people to do things they wouldn't normally do, through deception. This he accomplishes best by showing up on the premises of a bank branch posing as a trusted visitor, such as a fire inspector, an Occupational Safety and Health Administration inspector or a pest-control man. To make it believable, those on his team who are involved in the information heist wear uniforms and bring official-looking ID cards, badges, papers and related equipment. They make appointments when necessary.

"We show up as a role, as someone you expect and trust to be there," says Stickley.

Happy con day
Proving that appearances and a little acting can deceive effectively, his team has even gone sans uniform into a branch inside a grocery store and put up birthday decorations. No one seemed to notice when the team members went from standing on top of the counter at the branch putting up a banner, to slipping behind the counter, stealing cashier's checks.

More typically, his team gets asked to test the security of regular bank branches. The team's objective includes getting past the counters of the bank and, while unattended, stealing as much sensitive information as possible by installing wireless devices and seizing backup tapes. "Only 1 percent of all financial institutions encrypt their backup tapes," he says. The number of accounts Stickley's team can steal, then, is limited only by how many accounts can be stored on those tapes.

The action can only start if employees leave these social engineers to their own devices. Eighty percent of the time bank employees leave you unattended, he says. If they do hover while Stickley or his team members pretend to make inspections, they ask for a cup of coffee or documentation on the equipment they are checking -- anything to make the employee disappear for a few minutes. While they're gone, devices are installed or tapes stolen. When the employee returns, the phony pest-control serviceman simply walks away from that area.


Bankrate.com ®, Copyright © 2014 Bankrate, Inc., All Rights Reserved, Terms of Use.