Social engineering is the security industry’s term for a con or scam technique.
It’s basically the art of gaining access to buildings, systems or data by exploiting human psychology, rather than breaking in or using technical hacking techniques.
Famous hacker Kevin Mitnick helped popularize the term ‘social engineering’ in the 1990s, although the idea – and many of the techniques – have been around as long as there have been scam artists.
But how does social engineering work? Here are some examples.
In the office, a social engineer might lurk near a secure doorway with several boxes, and pretend they can’t reach their access card or key to get in. They’ll ask, “Can you hold the door for me?” and an unsuspecting office worker will let them in. The worker never realizes that they’ve just given a criminal access to their company’s office.
On the phone, a social engineer calls employees and pretends to be the IT Help Desk, trying to trick workers into giving up their passwords.
Social engineering is dangerous to corporate and personal data, because once a data thief has gained access, there’s no telling what they’ll do with it.
So, how can you avoid becoming a victim of social engineering? First, be aware. Awareness of the types of ploys these criminals use is your Number 1 defense.
Second, look around, pause and ask questions before doing or saying anything. If something doesn’t look or sound right, chances are you’re being played by a social engineer.