Oracle data obtained in social engineering attack

Business software giant Oracle was subjected to a targeted social engineering attack as part of a contest at security event Defcon, which is taking place in Las Vegas this week. Several other companies including Apple, AT&T, and security firm Symantec were also attacked, but it was Oracle employees who were found to willingly hand over the most corporate information.The attacks used were simple in nature, with some attackers calling employees posing as members of the corporate IT department.Employees were then asked to hand over data and visit certain web sites, with many complying willingly."For me it was a scary call because she was so willing to comply," said Chris Hadnagy, one of the contest organisers, according to Reuters."This compliance could lead to serious attacks if used by the right people," he added.
Social engineering attacks such as "spear phishing", where an attacker sends someone an email purportedly from an existing contact inviting them to open a malicious link, are thought to be behind recent attacks on the International Monetary Fund and RSA Security.

---