What is Social Engineering?

Why your people may be your problem.

So what is social engineering?

OK … so you’ve got all the bells and whistles when it comes to network firewalls and your building’s security has a state-of-the-art access system. You’ve invested in the technology, but what about your employees?

Social engineers, criminals or hackers often take advantage of human behavior to pull off a scam and aren’t worried about something like a badge system. They will just walk right in and confidently ask someone to help them get inside. And that firewall? It won’t mean much if your users are tricked into clicking on a malicious link they think came from a Facebook friend or a contact on LinkedIn.

Social engineering is essentially the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person in order to trick the employee into divulging his password.

Social engineering has proven to be a very successful way for a criminal to “get inside” your organization. Once a social engineer has a trusted employee’s password, he can simply log in and snoop around for sensitive data. Another approach is to scam someone out of an access card in order to physically get inside a facility, whether to access data, steal assets, or even harm people.

Social engineering is a popular tactic among hackers because it is often easier to exploit people’s behavior than it is to find a system vulnerability. Hackers will often use social engineering as a first step in a larger campaign to infiltrate a system or network and then steal sensitive data or cut off legitimate access to it (ransomware).

This is the first in a series of posts about this topic. In upcoming posts we will outline the common tactics social engineers often use as well as give you tips on how to ensure your employees are on guard.

