Social engineering happens when someone uses manipulation, influence or deception to get another person to release information or to perform some sort of action that benefits a hacker.
Hackers will often take advantage of genuine security gaps in your network. But at organisations of any size, layers of sophisticated computer security can be undone in seconds because one employee—whether because of trust, lack of awareness, or carelessness—reveals company information to someone with malicious intent.
Your employees could be tricked into anything from allowing someone to tailgate them into your data center to giving up their passwords or user IDs over the phone. Social engineers go to great lengths to gain access to data they can exploit, such as:
- PERSONAL INFO - passwords, account numbers
- COMPANY INFO - phone lists, identity badges
- SERVER INFO - servers, networks, non-public URLs
Being familiar with social engineering techniques is your first line of defence.
You might believe that social engineers would be easy to spot. But often enough, they sound like people you run into at work every day.
What does a social engineer sound like?
On the Phone:
“This is Kevin from IT. We've been notified of a virus on your department’s machines.”
One of the most common scams—a hacker poses as an IT help desk worker to glean sensitive info such as passwords from an unsuspecting employee.
“Hi, I’m the service engineer from HP and I think Ellen is expecting me at 1pm.”
This is why it’s so important that well-meaning staff members and other insiders are educated as to how and why they could be targeted—and what to do if they suspect a potential threat.
Entrance to the building:
“Oh! Wait, could you please hold the door? I left my key/access card in my car.”
People want to be helpful, and they often downplay the risks of engaging with someone they don’t know—and that can be a perilous mix.