In the world of information security, ‘social engineering’ is a term that describes a non-technical way of hacking in which the hacker collects information in order to bypass normal security controls. It is the art of manipulating users into performing actions or divulging confidential information.
Hackers find social engineering tactics very useful because it is usually easier to exploit a user’s natural inclination to trust than it is to actually compromise your system. For example, it is much easier to fool someone into giving up their password than it is to try hacking that password.
SecurityOrb.com has provided a list of common tricks and ways to avoid them below:
Signs of a Social Engineering Attempt:
• A refusal by the caller to give contact information
• Rushing through the conversation
• Odd questions
• A request for sensitive information
• Misspellings in an e-mail
Avoiding Social Engineering Attempts:
• Do not participate in unapproved surveys on the telephone or online
• Do not give out personal information
• Do not give out computer or network information
• Do not follow instructions from unverified personnel
• Document the interaction:
– Verify the identity of all individuals
– Write down the phone number
– Take detailed notes
• Contact your security point of contact (SPOC)
Kevin Mitnick points out that it is much easier to trick someone into giving a password for a system than to spend the effort to crack into the system.
Be careful, and if it doesn’t feel right, then most likely it isn’t right…