
Combating Social Engineering Effects

Social engineering that gets someone in a company to give out information that they should not give out is common, so why aren't more companies doing anything about it?

Beyond the HP pretexting issue, the desire of the RIAA/MPAA to have the ability to pretext, people being lured to web sites or dating sites where the lovelorn get conned, and the host of other ways that people get conned both in their personal lives and in the corporate environment, what is it about people that makes them more or less likely to give out information on the phone?

Norfolk State University has an interesting profile of both sides of the social engineering process:

- Social Engineers take advantage because:

-  It is natural for people to want to help.

-  It is natural for people to trust.

-  It is natural for people to fear what happens when they do something wrong.

-  The most predominant way data is compromised.

-  Usually, the first type of attack to occur.

-  A direct request from the attacker.

-  An indirect request from the attacker.

-  They ask questions that are not directly related to their objective and want the victim to supply the answers with the information they really want.

-  Use statements that make the person feel a certain way.

-  Fear of reprimand or losing their job.

Source:
One defense is the call back: if someone calls wanting information, you say "thank you, I'll call the help desk right back," and then call the internal help desk to see whether they just called. False calls mean that there is social engineering going on. Never pass out a password to anyone on a phone, even if the caller ID says that they are internal. Use a one-time password and e-mail it only to a corporate e-mail address.

The real outcome is that the people who answer the phone need to know what to do when someone is just not behaving as if they are part of the organization, or is asking for things that they should not have: get the number (caller ID is excellent), do call backs as a normal company policy, or just say no and refer the issue upwards to a tier that can hold its own against a raging senior VP. Social engineering can be reversed, especially if there is a policy of callbacks to the service desk and the manager can hold their own against people who are trying to throw their weight around.
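The call-back and one-time-password rules above can be enforced in the service desk's reset tooling rather than left to the agent's judgment. The following is an added example, not code from the original article; the directory contents, the `example.com` domain, the 15-minute lifetime and all function names are assumptions made for illustration.

```python
import hashlib
import secrets
import time

CORPORATE_DOMAIN = "example.com"  # assumption: the organization's mail domain
OTP_TTL_SECONDS = 15 * 60         # assumption: how long a one-time password lives

# Constructed directory of record; the desk trusts this, never the caller.
DIRECTORY = {
    "jdoe": {"email": "jdoe@example.com", "desk_phone": "x4410"},
    "asmith": {"email": "asmith@webmail.invalid", "desk_phone": "x4411"},
}
_pending = {}  # user -> (SHA-256 of the OTP, expiry timestamp)


def handle_reset_call(user, caller_id, callback_confirmed, send_mail, now=None):
    """Decide what the service desk does with a phoned-in reset request.

    caller_id is only recorded for the escalation ticket; it is never proof
    of identity. callback_confirmed is True only after the agent hung up,
    dialled the number of record and the user confirmed the request.
    """
    now = time.time() if now is None else now
    entry = DIRECTORY.get(user)
    if entry is None:
        return ("escalate", f"unknown user, caller id {caller_id}")
    if not callback_confirmed:
        return ("callback", entry["desk_phone"])
    if not entry["email"].lower().endswith("@" + CORPORATE_DOMAIN):
        return ("escalate", "no corporate mailbox on record")
    otp = secrets.token_urlsafe(9)
    digest = hashlib.sha256(otp.encode()).hexdigest()
    _pending[user] = (digest, now + OTP_TTL_SECONDS)
    send_mail(entry["email"], f"One-time password: {otp}")
    return ("emailed", entry["email"])  # the OTP is never shown to the agent


def redeem(user, otp, now=None):
    """Accept the OTP once and before expiry; any attempt consumes it."""
    now = time.time() if now is None else now
    digest, expiry = _pending.pop(user, (None, 0))
    if digest is None or now > expiry:
        return False
    return secrets.compare_digest(digest, hashlib.sha256(otp.encode()).hexdigest())
```

Because the agent never sees the one-time password, a caller who pressures the agent has nothing to extract; the only outcomes are a call back to the number of record, an e-mail to the corporate mailbox, or an escalation.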
