How effective are your information security policies? If you were one of 30 companies targeted by hackers at the Defcon computer security conference in Las Vegas, July 30 through Aug. 1, you might find out the hard way.

A contest taking place at the conference involves a social engineering scheme in which hackers are instructed to call companies and try to trick employees into divulging information, reports IDG News Service's Robert McMillan. In an effort to make sure no laws are broken, contestants are not allowed to ask for passwords or sensitive information, impersonate law enforcement or make the people they call feel at risk.

While the data sought is not considered particularly sensitive, industry groups and the Federal Bureau of Investigation raised concerns. Hackers might ask for information about things such as a company's paper shredding and dumpster removal services, McMillan reports.

The Financial Services Information Sharing and Analysis Center issued an advisory last month, instructing financial institutions to "brief their personnel, especially call centers and legal departments regarding this event," the advisory states.  However, the contest organizers said that no companies in the financial, health care, educational or government sectors were going to be targeted.

For more:
- see Robert McMillan's article at NetworkWorld

Related Articles:
Tricks of the social engineering trade
Report: Enterprises are a growing target for cybercrime
Researchers offer tool to break into Oracle database systems