Malicious hackers use various forms of social engineering to steal whatever you have of value: your money, information, identity, confidential company data, or IT equipment. Attackers use techniques such as impersonation, company jargon, embedded questions, grooming, trust, persistence and patience, and even emergencies to achieve their ends. They use tools such as social networking sites and P2P software to obtain disclosed information.
Social engineering succeeds mainly because of a lack of user awareness. It can also be effective in environments where IT personnel have little training, and in public areas such as public buildings with shared office space.
The most common types of social engineering are:
Phishing – an attempt to fraudulently obtain private information. A phisher usually masquerades as someone else, perhaps an official entity;
Pretexting – a person invents a scenario, or pretext, in the hope of persuading a victim to divulge information;
Diversion theft – a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location;
Eavesdropping – a person uses direct observation to “listen in” on a conversation;
Dumpster diving – literally scavenging for private information in garbage and recycling containers;
Baiting – a malicious individual leaves malware-infected removable media, such as a USB drive or optical disc, lying around in plain view;
Piggybacking – an unauthorized person tags along with an authorized person to gain entry to a restricted area.
WellSecurity offers social engineering services to counter these threats, tailored to your needs and specific parameters.
Contact us to discuss the details of the engagement.