Data/Cyber/Cloud Security, Privacy, Website Security, Data Encryption, Malware/Viruses, Open Source Intelligence, Cyber Defence, Data Breaches, Travel Reviews & Photos
Crimsters (that's my word), innocent adults and innocent kids have a habit of posting all sorts online. From pictures of them smoking naughty things, posting their first ever credit or debit card, incriminating themselves to telling the world they are on holiday. Nothing surprises me.

In the last few months I have noticed something "new". People posting on LinkedIn to say they are joining or leaving a company. Not vastly exciting you may think. In the post is a high-resolution image of their company ID badge and more. I randomly spotted the image at the bottom of this piece on LinkedIn, from a non-Brazilian contact. It has her employee number to.

Big deal?
Two words: social engineering.

Armed with a high res photo, a template could be made easily and quickly on a desktop. The photo and name could be swapped out, and a new fake ID card printed. For £5 sellers on eBay will print out plastic IDs - see: https://www.ebay.co.uk/sch/i.html?_odkw=id+printer&_osacat=0&_from=R40&_trksid=p2045573.m570.l1313.TR7.TRC1.A0.H0.Xcompany+id+printed.TRS0&_nkw=company+id+printed&_sacat=0.

Failing that and if a eBay seller refuses to made fake ID, just order the printer and print out your own at home. From the photo you could see what type of material lanyard is used. Source that too from a seller or get one custom printed. Warning: the eBay seller could report you so maybe just do this at home or at the office assuming you have written permission.

What is next?
You now have a good quality corporate ID but remember it will have no RFID chip embedded in it (there are ways of getting this of course). Thus, you cannot just swipe the pass at the barriers. Put on a suite and tie, or a female equivalent. Build up a sweat before you enter. Take a fancy looking business bag and papers plus a coffee.

Rock up to reception, attempt to swipe at the barriers, wait for security to come over, act like you are important and in a hurry. Say I think my phone has erased the magnetic stripe (false of course since RFID is different), act important and say you are here for a high-powered meeting. You get the gist...



Since I am very nice I have pixelated the ID photo above... of the company with a turnover of tens of billions of Euros!