Social Engineers In A Not So Personal World

By Author: Stu Sjouwerman
Total Articles: 3
Comment this article

With much of our lives played out over social media and the Internet as a whole. Social engineers are still finding cunning and personal ways to access information about individuals and businesses.

With much of our lives played out over social media and the Internet as a whole. Social engineers are still finding cunning and personal ways to access information about individuals and businesses. Email spear phishing campaigns to obtain confidential and company sensitive document are picking up steam and new forms of personal attacks are beginning to emerge.

Today’s social engineers use a variety of tactics to garner information from unsuspecting victims. The most personal assault is impersonation. Impersonation occurs when an attacker takes on your identity or the identity of an organization’s executives. These attacks can be used to access proprietary information or even technical support and obtain access to a company’s database. Hackers can easily accomplish their mission via telephone calls, in person, or through spear phishing. They try to tap into a person’s needs and wants and appear be ...
... of assistance. Through persuasion they can make a person feel compelled to release information or follow nefarious instructions. This type of scheme can also involve intimidation tactics. But it is important to remember that they require your assistance in order to be successful. If ever faced with an intimidating or pushy person calling or emailing for information, hone in on your instincts. Don’t give out any secure information such as passwords or logins.

Whether used at the office, in a coffee shop, or airport, computers and mobile devices for personal and/or professional are always in the view of prying eyes. Social engineers can gather information and gain access to all types of personal or company data. A common misconception among computer users is if a person is a few feet away it is nearly impossible to see what you are doing. The truth is many hackers are well equipped with instruments and tools that can magnify the contents on the screen that were thought to be private. This type of eavesdropping can be done from doorways, windows, across the room or at the next table or chair. Attackers can even listen in on conversations that were supposed to be confidential. Sometimes easy fixes can assist in combating eavesdroppers. Just by turning your computer, you can deter intrusion on secure information. Screen covers can also be purchased to black out screens to people standing a distance away.

Another breach of privacy can be as simple and friendly as holding open a door for a seemingly innocent person into a secure part of a company’s building. Unwittingly, an employee may have given a social engineer access to areas or persons that would otherwise be protected. While a straightforward solution would be to close the door experts suggest that employees employ a friendly demeanor and ask if the person requires assistance. In many cases, attackers can become flustered and not provide answers. This can raise warning signs that can prompt employees to call or locate security personnel.

Acknowledging the existence of social engineers is the first step to protecting yourself and your company from attack. Being alert and skeptical of strangers or sources of information is the best way to avoid personal security and company issues. Arming yourself with Internet security awareness training is also a beneficial step in recognizing attacks. Social engineers spot weaknesses and prey on them; by being conscious of habits such as closing the door behind you in secure areas, positioning your screen to protect against person looking over your shoulder in public places and securing passwords by clearing saved data, you can beat these criminals at their own game.
Resource: http://www.knowbe4.com/