Social engineering is the non-technical cracking of information security. It applies deception for the sole purpose of gathering information, fraud, or system access. A number of tactics could be followed, including:
Social engineering was initially associated with social sciences. However, the way it is used makes it also relevant to computer professionals as it is a significant threat to any system's security.
Spear phishing is a common technique in social engineering. For example, a phisher would send an email to addresses at the target company asking the user to verify security information. The email is made to appear legitimate and be coming from the IT staff or senior management along with a warning for major consequences if the required information is not provided. As with a regular phishing attack, the victim clicks a link that goes to a site the hacker has setup to gather the sensitive information, generally with the look and feel of the real website. After gaining the info, the hacker can access the company's network using a legitmate login. Dumpster diving refers to a literal search of an organization's garbage for information that can be used to access a company's network. Companies often discard sensitive information, including system manuals, which intruders use to access information systems. In some cases, un-erased complete hard drives with extremely sensitive information are discarded, allowing the dumpster diver to easily boot up and obtain information. Social engineering is as dangerous and harmful as any other technical attack. In fact, you could argue that social engineering is more serious than other threats as humans are always going to be vunerable. It's not that tough to properly configure a firewall. It's very difficult to train all new staff to not fall for social enginering exploits.
Read More ยป
Get Techopedia delivered to your inbox!