Social engineering is a human hacking tactic, as opposed to brute-force attacks, that involves unsuspected social engineers who take advantage of the gullible nature of the victim (You!) and extract information such as credentials, access codes, financial and trade secrets, and any other sensitive data that the victim is privy to. Humans are the weakest link in the security forte of an organization. A security appliance maybe difficult to break into; but an employee, who is easy to manipulate, is the hacker's key to Fort Knox. Social engineering also includes commonplace--but highly overlooked--threats such as phishing, hoaxes, shoulder surfing, tailgating, etc.
Common Social Engineering Traps
You could receive a call from a trusted source to reveal sensitive data
The caller can be a phony pretending to be someone else to con information from you
You could get an unsolicited email requesting credit card numbers and passwords to be filled in
It can be a phishing attack to obtain sensitive information from you
You could happen to meet with an unassuming stranger who wants to conduct a survey, or just earnestly seeks help
It could be a social engineer trying to con you with his guile of speech and false identity
Watch this video where Greg, a naïve and helpful IT administrator, gets hoodwinked by an expert telephonic trickster. Funny, and yet enlightening!
Help the Hacker Not! – Tips to Stay Protected
You don’t have to turn paranoid and be alarmed at every single phone call or email. It just takes more awareness and education on social engineering, and some secure online and social practices to stay protected.
Be aware of social engineering attacks. Educate your peers, employees and friends.
Do not divulge personal information and company data to any untrusted source, however convincing and genuine it may look.
If you are suspicious of any person or specific email, report the case to your organizational authorities and IT security teams.
If at all there happens to be a case of social engineering attack, monitor logs from all devices and workstations to see any unusual behavior pattern or non-compliant activity that may lead to data theft or other cyber-crimes. It’s nice to be helpful, but do you really want to help the hacker? (Unless you want to end up holding the golden crowbar like Greg does!)
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community.
More than 150,000 members are here to solve problems, share technology and best practices, and directly
contribute to our product development process.
Learn more today by joining now.