What is Social Engineering?
Posted by Jonathan Veal on Wednesday, May 2, 2012
Under: Information Security
Many articles have been written about the risks associated with using the internet, however often these focus on the technology. True there a many tools hackers can use in an attempt to steal our data, and many tools we can use to defend it, for example firewalls, anti-malware programs and encryption. However why go to the trouble trying to break in if someone will open the door for you? Most modern cars have an engine immobiliser fitted but that's of little use if you give someone the keys.
If someone rings you up or emails you to ask for your username and password can you verify who they are? Why do they need to know? - if there is any doubt whatsoever don't tell them. In fact all major banks make it quite clear they will never contact you in this way. Be careful when clicking on any links in an email and ensure you have been re-directed to the genuine website, it may be a spoof page designed to collect your details. Don't use 'public domain' information such as your mother's maiden name, favourite colour, first school etc. for your security questions. If it's on Facebook then someone can find that information and could use it to try and impersonate you.
I've overheard someone on a busy train shout their credit card number, expiry date and security code down their mobile phone! Anyone who could find out his name would have been able to use those details to try and buy something online or over the phone at his expense.
If someone rings you up or emails you to ask for your username and password can you verify who they are? Why do they need to know? - if there is any doubt whatsoever don't tell them. In fact all major banks make it quite clear they will never contact you in this way. Be careful when clicking on any links in an email and ensure you have been re-directed to the genuine website, it may be a spoof page designed to collect your details. Don't use 'public domain' information such as your mother's maiden name, favourite colour, first school etc. for your security questions. If it's on Facebook then someone can find that information and could use it to try and impersonate you.
I've overheard someone on a busy train shout their credit card number, expiry date and security code down their mobile phone! Anyone who could find out his name would have been able to use those details to try and buy something online or over the phone at his expense.
In : Information Security