02 Mar Could Your Employees be Tricked by a Social Engineer?
Social engineering is the human side of breaking into a corporate network. Instead of hacking into the technology, social engineers attempt to gain sensitive information or unauthorized access privileges by building inappropriate trust relationships with insiders, and fooling them into providing valuable information or access to that information. Their goals: theft, fraud or espionage. An organization’s best defense against social engineering attacks is properly trained staff.
The simplest way for these fraudsters to get information is to ask for it directly, and this forms the basis for the various techniques used by hackers.
Common techniques used by social engineers:
- Phishing is a way of attempting to acquire information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
- Impersonation, such as posing as an employee, is arguably the best technique used by social engineers to deceive people because most people are basically helpful toward coworkers without question.
- Pretexting is when a social engineer develops a storyline that he or she is able to portray to the target. It provides the justification for the questions being asked.
- Dumpster Diving – Improperly discarded memos, organizational charts, or policy manuals could be used to gather information for pre-hacking purposes. Social engineers commonly research a predetermined target and determine the best opportunities for exploitation. Dumpsters provide a huge amount of information, including the information a hacker needs to impersonate an employee.
Social engineering attacks may be inevitable in the world today for the simple reason that humans are easy targets; nevertheless, that does not mean that attacks are unpreventable.
The single most important key to avoiding social engineering attacks is to not give sensitive information to anyone unless you can verify that they are who they claim to be and that they have a legitimate need for access to the information. Organizations and individuals can protect themselves through training and awareness as well as security-related policies and procedures.
Powered by www.InfoSightInc.com