subject: The Danger Of Social Engineering [print this page] Though the internet and related technology has helped open up our world to a level of communication that is truly astounding, it has also had other unfortunate side effects. Criminals and thieves now have an even greater ability to steal identities and personal information. One of the most dangerous is social engineering. Social engineering is the term that has been used to describe the act of manipulating people into divulging sensitive personal information for the purpose of fraud, gathering information, or gaining access into a computer system.
Several methods are used to con people into divulging this information. One of these methods is called pretexting. When pretexting, a criminal calls a targeted victim over the telephone and invents a hypothetical scenario (or pretext) to con that person into divulging information or performing an act. In order to do this, usually the criminal has done some research so they sound informed about whatever information they are trying to obtain. This technique is often used to gain customer information from businesses. Often the caller impersonates an authority figure or someone who would have a right to that information.
Another common technique in social engineering is called phishing, which is a way to obtain personal information fraudulently, usually by email. The person sending the email will most likely impersonate a reputable company claiming that they need information from that person or there will be dire consequences. For example, just recently there was a phishing scam in which the scammers sent emails that appeared to be from a reputable online financial company claiming that the company needed the client to log in to their account through the email in order for the account to stay active.
IVR and phone phishing is another tactic. In this method the scammer uses an interactive voice response (IVR) system to call victims. This system resembles an automated phone system from a bank or financial institution, which will call the victim and prompt them to call the bank at a false phone number and verify personal information.
These are only three of the methods that social engineering criminals have come up with to scam people into divulging personal information. This can be an especially difficult situation for a large company or business with many employees, because of the layers of communication that exist at a company. In this type of situation, social engineering is one of the biggest threats. For this reason, many companies offer security awareness training in order to alert people to the methods that scammers use to obtain information. Security awareness training can help educate employees and train them in ways to avoid becoming the victim of a social engineering scam.
