What is social engineering
This is a method used by people to gain unauthorised
access to facilities or data. One common method is to visit a
company and just listen while waiting in reception. You
will learn a great deal. The receptionist will also give away
a great deal of information about the organisation if approached in the
right way: "Is Fred Bloggs the IT Manager still here?". Often the answer
will be something like, "I haven't been here long but I think the
IT Manager is Arthur Redpath". Of course you looked at the car
park spaces outside the building which helpfully have the names of
senior staff printed for all to see.
In just a few moments the social engineer has the names of the senior
staff and that of the IT Manager.
The receptionist will certainly confirm if the senior staff are in
today but, by default, an empty car park space usually means that
person is not in.
Once let in to the main building the social engineer will
usually be accompanied but a trip to the washroom will not.
There may be offices or work stations where an employee has not locked
their computer or an unguarded list of telephone numbers with names.
These small pieces of information can be invaluable.
Impersonating an employee on the phone can often get a response
to the question, "I can't remember my password can you tell me
what it is or can you reset it please?", "I have a terrible
at the moment" usually stops further enquiries being made.
Using the person's login details, which are usually first and last name
or some other easily guessed combination together with the newly reset
password, gains access to the company network.
Listening to mobile phone conversations is always a good source of
information, particularly when a computer systems administrator is
trying to diagnose a problem remotely. Trains are
Christmas parties, where alcohol loosens tongues, are
also great for hackers.
I could go on but I think you get the picture.
Make sure everyone is aware of social engineering and how easy it is to give
away small pieces of information.
These small pieces when collated become a significant amount of
information which could be of use to anyone wishing to do some damage
or steal information.
Beware of giving vital information away.
About the Author
Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters,
an established independent management consultancy based in Essex, UK,
which specialises in ISO27001
Information Security Management consultancy.
Article Published/Sorted/Amended on Scopulus 2013-01-10 09:05:36 in Business Articles
Copyright © 2004-2020 Scopulus Limited. All rights reserved.