
What is social engineering


Chris Eden - Quality Matters Limited


Social engineering is a method used by people to gain unauthorised information or access to facilities or data. One common method is to visit a company and just listen while waiting in reception. You will learn a great deal. The receptionist will also furnish a great deal of information about the organisation if approached in the correct manner.

"Is Fred Bloggs the IT Manager still here?" Often the answer will be something like, "I haven't been here long but I think the IT Manager is Arthur Redpath". Of course you looked at the car park spaces outside the building, which helpfully have the names of senior staff printed for all to see.

In just a few moments the social engineer has the names of the senior staff and that of the IT Manager.   
The receptionist will certainly confirm if the senior staff are in today but, by default, an empty car park space usually means that person is not in.

Once let into the main building, the social engineer will usually be accompanied, but a trip to the washroom will not be. There may be offices or workstations where an employee has not locked their computer, or an unguarded list of telephone numbers with names.

These small pieces of information can be invaluable. Impersonating an employee on the phone can often get a response to the question, "I can't remember my password, can you tell me what it is or can you reset it please?" Adding "I have a terrible cold at the moment" usually stops further enquiries being made.

Using the person's login details, which are usually first and last name or some other easily guessed combination, together with the newly reset password gains access to the company network.

Listening to mobile phone conversations is always a good source of information, particularly when a computer systems administrator is trying to diagnose a problem remotely. Trains are ideal for this.
Christmas parties, where alcohol loosens tongues, are also great for hackers.

I could go on but I think you get the picture. 

Make sure everyone is aware of social engineering and how easy it is to give away small pieces of information.

These small pieces, when collated, become a significant amount of information which could be of use to anyone wishing to do some damage or steal information.

Beware of giving vital information away. 

About the Author

Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited, an established independent management consultancy based in Essex, UK, which specialises in ISO27001 Information Security Management consultancy.


Article Published/Sorted/Amended on Scopulus 2013-01-10 09:05:36 in Business Articles


Copyright © 2004-2021 Scopulus Limited. All rights reserved.