What is social engineering? According to Merriam-Webster, social engineering is the “management of human beings in accordance with their place and function in society” (www.merriam-webster.com, 2014). Social engineering is a non-technical form of intrusion that relies on human interaction in an attempt to get the victim to break normal security. An example would be a hacker posing as an engineer and calling a company to find out what type of firewall or networking equipment the company uses. This information could help a perpetrator gain access to the system by allowing them to research vulnerabilities and default passwords.
Most exploits of a system are through social engineering. Almost everyone has received an email offering a free flash drive, whitepaper, etc. for filling out a survey. Almost everyone has also received an email purporting to be from the bank or credit card company, saying that there is suspicious activity on their account and asking them to provide critical information needed to take care of the problem.
Why would a social engineer attempt to “hack” the person instead of hacking the system directly? The person is usually the weakest link. Much more effort is needed to gain access to the system by going through firewalls than by tricking an unsuspecting user.
Some of the techniques that a social engineer uses are quid pro quo, shoulder surfing, pretexting, phishing, spear phishing, IVR/phone phishing, Trojan horse, dumpster diving and road apples, to name a few.
“Since there is neither hardware nor software available to protect an enterprise against social engineering, it is essential that good practices be implemented” (Peltier, 2014). How do we defend against the social engineer? Some practices that should be deployed:
Read the rest on Examiner.com’s website.