Social engineering is a technique of deceiving people into revealing sensitive information that they would not usually share. It typically involves trickery for the purpose of information gathering, fraud, or access to computer systems.

What methods are used by social engineers?

  • Disguise: The social engineer usually asks simple or trivial questions by phone or e-mail while pretending to be someone with authority, such as helpdesk staff or law enforcement.
  • Phishing: The phisher typically sends an e-mail or SMS that appears to come from a legitimate business, requesting information.
  • Dumpster Diving: By going through your trash, someone can gain access to your personal information from documents such as receipts or bills.

How can you identify social engineers?
There are some common behaviors for people engaged in social engineering:

  • The hacker often presents him/herself as a respected person who can be trusted.
  • He/she may pose as a new employee who does not know the organization’s procedures.
  • He/she usually provides accurate information to the victim, such as the name of the organization or the names of staff working in that same organization.

Best practices

  • Do not share your password or personal information (e.g. Identity Card, credit card number, bank account) with anyone.
  • Keep your private information to yourself.
  • Be aware that social engineers will say anything to convince people to give out personal information.
  • Never provide sensitive information via email, phone message or phone call.
  • Your organization should have a strong security policy for information disclosure.
  • Organizations need to hold an adequate number of awareness sessions explaining their security policies to their staff.
  • You should not hesitate to question the identity of the person asking you for information, even if the request came from someone in a senior position.
  • Do not send personal or financial information through e-mail unless you are positively sure that it’s safe.
  • Do not click on a link within an email to update your personal information.
  • Shred paper documents containing important information, preferably using shredders that cut paper both vertically and horizontally.
  • Do not believe everything you see on the Internet.
