In the context of information technology, the term social engineering is defined as the psychological manipulation of people with the primary goal of getting them to act in a way that leads to the leaking of confidential information. In simpler words, social engineering is a trick people use to manipulate you into giving them important and secret information. Most often these are passwords or security measures.
There are multiple techniques people use in social engineering. Let's mention a few that are more common in companies with multiple employees.
Basics
- Someone impersonates a person from the company that supports the office of your company. He then reports there is a problem. This is a lie, but it helps him get inside the building under a false pretext. This way he can reach company secrets through physical presence. Most often these intruders pose as technicians, firefighters or employees of rat/insect extermination companies.
- Someone displays a message that everyone in the office can see. It says that the help desk has a new number (which is actually the fraudster's number). When an employee calls to ask for help, the fraudster asks him for personal and secret information to prove it is really him/her. This way the fraudster collects the usernames, passwords and personal information of the company employees.
- Someone befriends a company employee with the only goal of getting inside access and information. Often the victims do not understand they were caught in this type of manipulation and put their trust in this person. Sometimes it is not necessary for the victim to give him the exact username and password. Sometimes the fraudster studies the victim to see how he/she thinks and acts and how he/she stores valuable information, and uses this research to hack the victim's secret profiles.
In conclusion, there are many tricks and schemes for manipulating people into giving away confidential information. But there are ways to protect yourself from them.
How to protect yourself?
- Always be fully informed about information security in and outside your workplace. You should know the people you are allowed to share information with, how to find the real phone numbers of help desk centers, etc.
- Do not send access information over the internet, unless you encrypt the connection.
- Do not store your passwords on paper or in an unencrypted computer file. If you can't remember all your usernames and passwords, there are many free applications that will store them securely for you. All you need to remember is the master password that unlocks the application.
- After you receive a service password from somewhere, change it immediately to one that only you know.