Social Engineering

Social engineering is a technique of deceiving people into revealing sensitive information which they would usually not share. It typically involves trickery for the purpose of information gathering, fraud, or access to computer systems.

 

What methods are used by social engineers? 

  • Disguise: They would pretend to be someone with authority and ask simple or trivial questions by phone or e-mail. 
  • Phishing: They would typically send an email or text message that appears to come from a legitimate business, requesting information.
  • Dumpster Diving: By going through your trash, someone would have access to your personal information from documents such as receipts or bills. 

 

How can you identify a social engineering attempt? 
There are some common behaviors for people engaged in social engineering: 

  • They often present themselves as a respected person who can be trusted. 
  • There would be a false sense of urgency to pressure you to act quickly. 
  • They can sometimes provide accurate information to the victim such as the name of the organization or the names of staff working in that organization. 

 

Best practices 

  • Don’t reveal your password or personal information (e.g. identity card number, credit card number, date of birth) to anyone. Keep your private information to yourself.
  • Be aware that social engineers will say anything to convince people to give out personal information. 
  • Never provide sensitive information via email, phone message or phone call. 
  • Your organization should have a strong security policy for information disclosure. 
  • Organizations need to have an adequate number of awareness sessions explaining their security policies to their staff.
  • You should not hesitate to question the identity of the person asking for information from you, even if the request for information came from someone in a senior position.
  • Never send personal or financial information through e-mail. 
  • Don’t click on a link within an email which asks you to update your personal information. 
  • Use a cross-cut shredder to dispose of documents containing important information.