I have been reading lately about how easy it is to elicit information from people. Now this is not to be confused with the similar-sounding word "illicit". We won't be discussing anything illegal, but actually very legal and very present in your day-to-day life.
Eliciting information could be something as simple as getting someone's phone number or getting precious information about his or her life/company. Now, you may think that no one would disclose important corporate information with a stranger, but you would be very, very wrong. Even high level executives can feel comfortable giving out information if approached in a nonthreatening way.
Some examples in the book, Social Engineering by Christopher Hadnagy, include a small conversation at a bar that led to the executive showing the attacker the RFID access code to the building. This led the attacker to be able to pose as a repairman and infiltrate the company. Another example Hadnagy gives, is when the attacker sits down for coffee and finds out that the executive will be leaving on vacation the next week. This leads the attacker to drop off a flash drive while the executive isn't there, which will then allow the attacker access to the victim's computer.
Whether or not you are a major executive at a large organization, you likely have access to sensitive information. This includes personal bank login information, your social security number, or even smaller information that can lead to a horrific attack.
This information isn't to make you feel paranoid, but perhaps we need to feel a little more paranoid.
