Social Engineering – Part 2 – Internal Threats

Yesterday, we started looking at Social Engineering. Today, we will look at some internal threats and more…

Internal Threats

Originally, social engineering took place in a physical setting. A hacker would do some preliminary research on a company structure or focus on behaviors in order to get that initial access into a building, server room or IT space. Once they have a “foot in the door” so to speak, obtaining pertinent data or planting malware becomes that much easier.

Tailgating

Often, they will enter a building without an access pass by simply acting like an employee that left it at home, this technique is known as tailgating. The only credential they need is confidence. This can also include a hacker posing as an IT person and conning people into believing that to be true so they can gain access to high-security areas. This is far easier than it sounds too. You can find company shirts at your local thrift store, exude confidence and gain access.

Psychology

Another interesting process hackers use to con their way into a business is by creating a hostile situation. According to PC World, people avoid those that appear to be mad, upset or angry. So, a hacker can have a fake heated phone call and reduce the likelihood of being stopped or questioned. Human psychology really is a tricky thing, isn’t it?

Public Information

Then of course, the more you know about someone the more likely you are going to gain the information you need from them. This involves everything from scoping out parking lots, observing the workspace and even dumpster diving. Nothing is safe anymore and your life is not always as secure as you’d like to think. Something as innocent as a bill can be used to harvest more information about a person.

Pretexting

Similar to online phishing, pretexting is a popular fraud tactic for phone calls. Often, they will disguise themselves as an authority such as a bank, tax official or even police. They will probe you with questions that could lead to giving up information that could compromise your identity. This personal information can be used to find out a whole slew of things. Not only can they get away with your money immediately, they can easily steal your identity with pertinent information like social security numbers or banking information.

Prevention

Social engineering can be prevented by being educated in it. With so many different ways to steal your important data its imperative that individuals and businesses go through some sort of training regarding these issues. However, on a day to day basis, getting into certain habits can help.

First of all, pay attention to your surroundings. Remember that physical social engineering still exists and you don’t want to be the one that caused your business corrupted data.

Next, do not open emails or attachments from suspicious sources. Moreover, if a legitimate looking email seems slightly suspicious, go to the source and find out for sure if they sent it. Also, multi-factor authentication can curb fraud immensely. One of the most valuable pieces of information attackers seek are user credentials. Using multifactor authentication helps ensure your account’s protection in the event of system compromise. Furthermore, if an offer seems too good to be true, it probably is. Don’t click the link, you didn’t win a cruise.

Then finally, keep your antivirus and/or antimalware software updated at all times. This is the best line of defense if for some reason your system has been compromised. For the most part, use your best judgment and common sense. Social engineers have gotten very good at their jobs, but you need to keep ahead of them.

Yesterday’s article: Social Engineering Part 1

Get a free network security audit

Find out how your company might be vulnerable to security threats and learn how to fix them.