Social Engineering

954 Words Nov 3rd, 2012 4 Pages
SOCIAL ENGINEERING

INTRODUCTION
Social engineering is the use of non-technical means to gain unauthorized access to information or systems. Normally a hacker would exploit a system's vulnerabilities and run scripts to gain access. When hackers deploy social engineering, they exploit human nature. Social engineering is characterized by building trust relationships with people who work inside the organization to gain access, or with people who are privy to sensitive information such as usernames, passwords, and personal identification codes, which are needed to gain access to information, networks and equipment. An attacker may appear to be trustworthy and authorized, possibly claiming to be a new
For example, an attacker may send an email, seemingly from a trusted credit card company or financial institution, that requests account information, often suggesting that there is a problem. When users respond with the requested information, the attacker can use it to gain account access.
In CSO Security and Risk News there was an article about social engineering. An exercise called “How Strong Is Your Schmooze” was done by CTF. It was an attempt to raise awareness about social engineering as a means to commit a crime. It challenged contestants to attempt to obtain (in an ethical and legal way) information about target companies that could be used for a hypothetical attack. Contestants made 140 phone calls to employees at target companies seeking information. Almost all gave the callers the information they were looking for; only five employees did not. In addition, 90 percent of targeted employees opened a URL sent to them by contestants, even though they really didn't know the person who had sent it. The numbers reveal that social engineering is a huge problem for all organizations, said Chris Hadnagy, who organized the contest.
TRAINING
Training users in your organization is the most important thing you can do to reduce the threat of social engineering. It requires the commitment of the executive staff, the involvement of all employees, and effective security policies and procedures for everyone tied to