Social Engineering: The Basics

Social Engineering: The Basics
Social Engineering: The Basics 

By Joan Goodchild
Senior Editor
January 11, 2010

You've got all the bells and whistles when it comes to network firewalls 
and your building's security has a state-of-the-art access system. 
You've invested in the technology. But what about the staff?

Social engineers, or criminals who take advantage of human behavior to 
pull of a scam, aren't worried about a badge system. They will just walk 
right in and confidently ask someone to help them get inside. And that 
firewall? It won't mean much if your users are tricked into clicking on 
a malicious link they think came from a Facebook friend.

In this guide, we outline the common tactics social engineers often use, 
and give you tips on how to ensure your staff is on guard.

    * What is social engineering?
    * How is my company at risk?
    * How do social engineers pull off their tricks?
    * Why do people fall for social engineering techniques?
    * How can I educate our employees to prevent social engineering?

What is social engineering?

Social engineering is essentially the art of gaining access to 
buildings, systems or data by exploiting human psychology, rather than 
by breaking in or using technical hacking techniques. For example, 
instead of trying to find a software vulnerability, a social engineer 
might call an employee and pose as an IT support person, trying to trick 
the employee into divulging his password.

Famous hacker Kevin Mitnick helped popularize the term 'social 
engineering' in the '90s, although the idea and many of the techniques 
have been around as long as there have been scam artists of any sort. 
(Watch the video to see social-engineering expert Chris Nickerson size 
up one building's perimeter security)


Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 

Site design & layout copyright © 1986-2014 CodeGods