By Joan Goodchild
January 11, 2010
You've got all the bells and whistles when it comes to network firewalls
and your building's security has a state-of-the-art access system.
You've invested in the technology. But what about the staff?
Social engineers, or criminals who take advantage of human behavior to
pull of a scam, aren't worried about a badge system. They will just walk
right in and confidently ask someone to help them get inside. And that
firewall? It won't mean much if your users are tricked into clicking on
a malicious link they think came from a Facebook friend.
In this guide, we outline the common tactics social engineers often use,
and give you tips on how to ensure your staff is on guard.
* What is social engineering?
* How is my company at risk?
* How do social engineers pull off their tricks?
* Why do people fall for social engineering techniques?
* How can I educate our employees to prevent social engineering?
What is social engineering?
Social engineering is essentially the art of gaining access to
buildings, systems or data by exploiting human psychology, rather than
by breaking in or using technical hacking techniques. For example,
instead of trying to find a software vulnerability, a social engineer
might call an employee and pose as an IT support person, trying to trick
the employee into divulging his password.
Famous hacker Kevin Mitnick helped popularize the term 'social
engineering' in the '90s, although the idea and many of the techniques
have been around as long as there have been scam artists of any sort.
(Watch the video to see social-engineering expert Chris Nickerson size
up one building's perimeter security)
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News