Commonwealth Films\u2019 training video, \u201cStolen Access: Keeping Information Secure,\u201d relates some warning signs that can indicate a social engineering attack.This 2003 production starts with a credible scenario demonstrating social-engineering techniques as industrial spies penetrate an organization by posing innocent-sounding questions to employees by phone. The criminals find the name and position of their target, his secretary\u2019s name and their phone extensions. They pose as job applicants, new employees and customers. They determine that their target is on holiday, that he has forgotten his new password, and who has the emergency password list. They impersonate the target\u2019s sister-in-law, provide convincing sound effects to convince the keeper of the password list that the target is too ill to come to the phone, and achieve their objective: the target\u2019s password. The criminals then steal copies of the target\u2019s confidential files and read his e-mail for weeks. They sell the competitive information to competitors and cost the target\u2019s company several contracts in competitive bids.As the film sums up, here are the warning signs:* The caller tries to frame his or her request as an emergency.* Social engineers often invoke authority as a tool of intimidation.* They may claim that there\u2019s a technical emergency and offer or ask for technical help.I\u2019d add that a real bell-ringer is that they ask for passwords over the phone. Down boy! Bad social engineer. BAAAADDD social engineer! (Sorry, we have a new puppy and I\u2019m getting into strange verbal habits.)Advice from the technical consultants at Commonwealth Films on handling an unusual call:* \u201cIf it seems wrong, assume it is wrong.\u201d* \u201cIf you\u2019re uncomfortable, end the call.\u201d* \u201cDon\u2019t violate policy to \u2018help\u2019 a friend or associate.\u201d* Disclose only appropriate information.* Report unusual calls.The film continues with an interesting scenario demonstrating how eavesdropping on indiscreet conversations can allow an industrial spy to deduce passwords when employees use personal preferences and interests to secure their system access. Casual public conversations and overly explanatory, unencrypted directories and files make spies\u2019 work too easy by half. The film provides excellent suggestions for choosing effective passwords.Other scenarios in the film:* Phishing scams using bogus \u201cvirus warning\u201d e-mail messages and fake Web pages that ask for system logon information.* Being too trusting at work by leaving confidential files accessible on a workstation session, discarding unshredded bad photocopies of confidential documents, leaving confidential documents in photocopiers and on fax machines, and (yikes) putting passwords on Post-It notes.* Using public wireless access points for communication of confidential data without VPN software.* Bogus cellular phone calls asking users to input their personal identification numbers \u201cto keep your service active.\u201dAs always, this Commonwealth Film training video is a valuable contribution to corporate security awareness programs. Congratulations to writer and director Bruce McCabe, producer Jennifer Wry and veteran executive producer Thomas McCann.Note: The author has no financial interest whatsoever in Commonwealth Films. However, these nice people allow me to show their previews to my students in class and I am grateful to their director of customer relations, David Burke, for his consistent kindness over many years.