Social engineering - The Clever manipulation of the Natural Human tendency to trust

Social engineering takes advantage of the weakest link in any organization’s information security defenses : the employees . Social engineering is “ people Hacking : and involve maliciously exploiting the trusting nature of human beings to obtain information that can be used for the personal gain .

Typically, malicious attackers pose as someone else information they otherwise can’t access. They then take the information obtained from their victims and wreak havoc on network resources , steal or delete files and even commit industrial espionage or some other form of fraud against the the organization they are attacking . social engineering is different from physical security issues , such as surfing and dumpster diving , but they are related .

Some examples of social engineering :

False support personnel :- claim that they need to install a patch or new version of version of software on a user’s computer , talk the user into downloading the software , and obtain remote control of the system .

False vendors :- claim to need to make updates to the organization’s accounting package or phone system . ask for the administrator password , and obtain full access .

Phishing e-mail :- sent by hackers gather user IDs and passwords of unsuspecting recipients . the hackers then use those passwords to obtain access to bank accounts and more .

False employees :- notify the security desk that they have lost their keys to the computer room , are given a set of keys , and obtain unauthorized access to physical and electronic information .