Coincidently with my current interest in social engineering practices I believe I recently encountered a real world attempt aimed in my direction. Late Saturday evening received a call claiming to be from the local police department in reference to a speeding ticket.
Something immediately seemed of as caller asked ‘who am I speaking?’ rather than ‘can I speak to X?’. The caller then proceeded to request a meeting at my house for an interview, asking both when we’d be available and ‘what is your address?’, despite the fact the caller had supposedly sent the ticket information in the post.
At this point the call was terminated at this end as confidence was fairly high that the caller wasn’t genuine and the caller recieved no information beyond the fact that a human was available to answer the phone. I’m also confident that I won’t see a ticket in the post this week (unless by strange coincidence).
Best guess is that this may have been recon for a potential burglary (What is your address? When will you be home?) or potential pre-text for an on site visit (‘policeman’ turns up for interview and needs to use ‘bathroom’). The incident has been reported to the authorities and, with the exception of being advised to lock all windows and doors when not home (obviously don’t know I’m already overly paranoid), the incident won’t be taken any further at this time.
Hopefully nothing further will come as a result of this incident but has left me spooked nonetheless. Information security seems to be all fun and games, until you encounter some of the theory in the real-world, away from prior-permission and contracts.