Being secure has plenty of derivatives, such as feeling safe at home, when on the job or even when you’re surfing the Net. Computer and network security go hand in hand, as hackers and phishers are learning the art of breaking in where they certainly don’t belong. This leads us to the notion of social engineering, a phrase that can hardly be summed up in one sentence or even paragraph.
To state it briefly, social engineering revolves around the idea that humans willingly accept what they deem as truthful, tending to follow something they feel is authentic. However, this becomes a problem when someone or something wishes to take advantage of our vulnerability, leaving us robbed or destructing a population or network.
When it comes to PC’s and the information age, social engineering is used to gain access to company networks through fraud, deceit, intrusion or even through entities like viruses and rootkits. You’ve probably heard of telephone company fraud, where shady figures were able to gain access to confidential phone records by posing as an individual they weren’t. Well, this is one route hackers and thieves take, but there are more complicated methods as well.
Social engineering is commonly targeted at telephone help desks, as an individual up to no good can pose as someone they aren’t and fool the customer service rep into handing over vital information. Hackers often target pay phones and ATM’s as well, stealing PINS right and left. It’s a great way for them to snag your credit card or debit PIN without you ever knowing it until it’s too late.
Another method hackers and thieves use to gain inside access to your company’s information is through “dumpster diving.” Imagine the paper trail left in your office’s dumpster (and we know that paper shredder doesn’t see it all.) Calendars, meeting notes, reports and source code print outs can all make their way into the wrong hands if left unguarded.
Let’s not forget e-mail and the hidden truth behind compromised security through your inbox. Hackers have the ability to sneak onto networks and act as the network administrator, an action that can typically be caught, but that some still fall prey to. A hacker knows what they want and use any method of persuasion to coerce you into giving up information you typically guard with your life. Remember, more often than not, there is a real person behind network attacks and this person put some psychological social engineering into their plan.
We have complied a list of tips to ensure that you will not fall victim of social engineering :
- Do not log-in on a unsafe computer
- Do not mix public information with business information
- Do not store information in your cell phone
- Use a shredder to discard mail and business information
- Do not store your passwords near your computer
- Do not use unknown USB drivers
