When Social Engineering Gets Physical
How your employees can be vulnerable to Physical Social Engineering (PSE) attacks
Thanks to the continued success of phishing, vishing, ransomware and other types of social engineering attacks, your employees continue to be the weak link in your security framework. While phishing and vishing are becoming more publicized, physical social engineering attacks—where the attacker is standing right in front of your employees—are still flying “under the radar.” Awareness of this fact is growing, and more and more of our customers want to include social engineering tests of their “human network” as part of their overall information security plan.
Here are a few examples of commonly used physical social engineering:
- Tailgating Attack: Tailgating is a social engineering ploy in which threat actors trick employees into helping them gain unauthorized access to company premises. The attacker seeks entry into a restricted area where access is controlled by software-based electronic devices. Because only authorized people can gain access, the attacker tricks one of them and follows behind him or her through the entry. Some examples of successful tactics to be aware of:
  - Filling their arms in hopes someone will hold the door for them.
  - Sneaking in behind someone before a door closes or locks.
  - Planting a device to prevent a door from fully closing after opening.
These in-person hacks are less common than remote or automated attacks, but they nevertheless happen frequently and can be devastatingly effective. A few examples of what a successful physical social engineering attack can result in:
- Direct access to physical devices (physical theft or electronic tampering).
- Uncontrolled access to network ports in offices, conference rooms, shared spaces.
- Ability to plant “phone home” devices – for example under desks or hidden behind large multi-function printers.
- Theft, copying or photographing of physical documents (e.g. invoices, checks with account numbers, HR employee info).
In the current information security world, physical cyber security really is the missing piece of the puzzle, and without taking it seriously, companies are literally leaving the front door open for threat actors to walk straight in. This has not escaped the criminal profession either: with a higher probability of success, criminal groups are quickly adding this to their tactics, and physical attacks are rapidly on the rise.
Find out how we can make your world more secure by calling us at 833-ALPHA-ONE or 334-245-3125.