What is Social Engineering?
Social engineering, as defined by Wikipedia in the context of security, is the art of manipulating people into performing actions or divulging confidential information.
While it is similar to a confidence trick or simple fraud, it is typically trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victims.
"Social engineering" as an act of psychological manipulation had previously been associated with the social sciences, but its usage has caught on among computer professionals.
Each of us is responsible for an organization’s data integrity. Human behavior is always the weakest link in a security program. A company can spend millions of dollars on all kinds of security equipment, but it only takes one person for a company’s security to be compromised.
Each of us is responsible for understanding and preventing Social Engineering Attacks.
How is Social Engineering accomplished?
Social engineering is accomplished through various methods including dumpster diving and persuasion. Methods of social engineering include:
A social engineer can use a combination of all of these methods to accomplish his final goal. In fact, most successful ploys will incorporate at least 2 of these methods.
How do you avoid being a victim?
What do you do if you think you are a victim?
Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).
Additional Best Practices to prevent Social Engineering
There are a variety of best practices that each of us can follow to prevent a social engineering attack. These practices include:
A video presentation of Identifying Social Engineering Attacks can be found here.
For additional reading see: How to avoid Phishing Attacks.