Wednesday 13 March 2013

Social engineering attacks


In a social engineering attack, the attacker compromises the network or system through social interaction with an individual, such as an e-mail message or phone call, and tricks the individual into divulging information that can be used to compromise security. The information that the victim divulges to the hacker would most likely be used in a subsequent attack to gain unauthorized access to a system or network.
The key to protecting yourself and fellow employees from social engineering attacks is education! Keeping all personnel aware of the popularity of social engineering attacks and the different scenarios that could be examples of social engineering attacks will help raise the security level of the organization.

There are a number of different examples of social engineering attacks. The following are some of the most popular scenarios:

· Hacker impersonates administrator: In this example, the hacker may call the employee and impersonate the network administrator. The hacker will try to convince the employee to change their password or divulge password information.
· Hacker impersonates user: In this example, the hacker calls an unsuspecting network administrator and plays the role of a frustrated user who cannot log on to the network. The network administrator naturally helps the “user” by resetting the password and helping them log on. The problem is that the “user” is actually the hacker!
· Hacker impersonates vendor: In this example, the hacker may e-mail a customer pretending to be the vendor of a piece of software. The hacker tries to get the user to install an update, but the user doesn’t realize the update is really a Trojan virus that gives the hacker access to the system.
