PCI Services Blog

What is Social Engineering?

Posted by Richard Common on 18-Oct-2016 11:04:22
Social engineering happens when someone uses manipulation, influence or deception to get another person to release information or to perform some sort of action that benefits a hacker.

Hackers will often take advantage of genuine security gaps in your network. But at organisations of any size, layers of sophisticated computer security can be undone in seconds because one employee—whether because of trust, lack of awareness, or carelessness—reveals company information to someone with malicious intent.

Your employees could be tricked into anything from allowing someone to tailgate them into your data center to giving up their passwords or user IDs over the phone. Social engineers go to great lengths to gain access to data they can exploit, such as:

  • PERSONAL INFO - passwords, account numbers
  • COMPANY INFO - phone lists, identity badges
  • SERVER INFO - servers, networks, non-public URLs

Being familiar with social engineering techniques is your first line of defence.

You might believe that social engineers would be easy to spot. But often enough, they sound like people you run into at work every day.

What does a social engineer sound like?

On the Phone:

“This is Kevin from IT. We've been notified of a virus on your department’s machines.”
One of the most common scams—a hacker poses as an IT help desk worker to glean sensitive info such as passwords from an unsuspecting employee.

Reception Desk:

“Hi, I’m the service engineer from HP and I think Ellen is expecting me at 1pm.”
This is why it’s so important that well-meaning staff members and other insiders are educated as to how and why they could be targeted—and what to do if they suspect a potential threat.

Entrance to the building:

“Oh! Wait, could you please hold the door? I left my key/access card in my car.”
People want to be helpful, and they often downplay the risks of engaging with someone they don’t know—and that can be a perilous mix.
