Hello, I’m representing HP…. and I’m really a hacker.

As a network administrator, one of my on going annoyances is the people calling with “surveys.”  In the past I have either just told them I wasn’t interested or just hung up on them without any comment at all.  The calls usually start with “Hi, this is Judy.  I’m representing HP and I was calling today with a short survey…blah blah blah.”

I usually don’t listen past that point and end up terminating the call.

In the past I considered these calls a waste of my time in an already overtaxed schedule.  Additionally it seemed like a “theft” of the time the company has paid for for something that does not directly benifit the company.

Recently however I decided to go through one of the “surveys” and see what they asked.  Being security minded (and slightly paranoid) throughout the survey I provided only false information.  At the conclusion of the “survey” I was very glad I did.

Some of the things they asked were:

  • How many users did we have?
  • How many printers?
  • What was our main operating system?
  • What version on the O/S?
  • What brand of Antivirus did we use?
  • What kind of routers? Switches?
  • Who was our firewall vendor?

…and then, with that last question, it dawned on me…this call was a social engineering call!  They were hackers!  I had no evidence that they were with (in this case) HP.  Only their word.  This call was really to footprint my network!

To be fair, it could have been legitimate.  But handing out thatkind of information without being certain of who I was talking to could have been very dangerous to the security of my network.

So beware of the random call from someone saying they are representing Microsoft or HP or Dell or any other company wanting to do a “survey” about your network.  It might just be a hacker footprinting your network.