I was amazed to read about an ex-employee of McDonalds in the US who has secured a $6.1 million settlement (opens in new tab)over a lawsuit that alleges she was forced to strip in the assistant manager's office after someone called up, posing as a police officer.
What appears to have happened is that a hoaxer used his social engineering expertise to call and pose as a police officer to the assistant manageress of the fast food restaurant.
The assistant manageress was told to order the female employee into the office and strip off. Then - and this is where it starts to get bizarre -Ed - the employee was forced to stand almost naked for several hours whilst the caller stayed on the line.
After a while, the manageress had to return to her restaurant duties, so she was persuaded to get her fiancee in to guard the female employee (who was still in the nip, you'll recall).
The `police officer' caller than persuaded the fiancee to sexually assault the female employee - for what reason we can only guess at -Ed - which is when, you'll be surprised to hear, things really started to get out of hand.
But wait (opens in new tab)- it gets even more bizarre, as the jury in the case has also awarded $1.1 million to the assistant manageress of the McDonalds restaurant as compensation over the affair.
This is the same assistant manageress who led the strip search of the female employee at the request of the hoax caller and who is now on probation for a misdemeanour conviction in relation to the incident!
The manageress' former fiancee, by the way, is currently serving five years in prison for sexually abusing the female employee during the hoax call.
McDonalds, meanwhile, says it wasn't to blame for the affair, as it was all the fault of the hoax caller.
The fact that the assistant manageress was stupid enough to fall for this social engineering hoax call is, of course, another affair.
I remember reading one of Kevin Mitnick's books (opens in new tab)a few years ago in which he said that social engineering was a very powerful tool in the hands of a hacker.
I'm beginning to think he may have been right. You can read more on this utterly bizarre legal case here... (opens in new tab)