What is Social Engineering?

Social engineering involves deceiving victims into unwittingly disclosing confidential information or pursuing a fraudulent action. Social engineering is often used in phishing schemes. Cybercriminals rely on most people’s natural inclination to be helpful and use this to convince those with network access or other important secret information to disclose it. Looking over someone’s shoulder and quickly memorizing their passwords is one of the most basic tactics, as is dumpster diving, in which garbage is sorted through in order to find information that could be useful in breaking into a network. Eavesdropping as well as appeals to people’s vanity or their authority are additional ways in which information can be obtained from unwitting sources. Most importantly, however, is the social engineer’s ability to take advantage of the fact that people are often ignorant of how valuable certain information is and how closely it should be guarded. In this respect, security experts warn that because we are becoming more and more dependent on technology, social engineering will remain the biggest threat to security systems. In order to protect you and your organization from social engineering, one should never give out or write down their passwords, choose passwords that are not common and therefore difficult to guess, be aware of what information is to be protected and always shred documents with sensitive information.

Comments are closed.