Yellow font on Black background Black font on White background Black font on Cream background
Call us today 01621 857841 or Email us
Quality Matters Logo

"Quality Matters in your Business"

Monday, 3 December 2012

Social Engineering

What is social engineering?   

This is a method used by people to gain unauthorised information or access to facilities or data.  One common method is to visit a company and just listen  while waiting in reception.  You will learn a great deal.  The receptionist will  also furnish a great deal of information about the organisation if approached in the correct manner.

"Is Fred Bloggs the IT Manager still here?".  Often the answer will be something like,  "I haven’t been here long but I think the IT Manager is Arthur Redpath".  Of course you looked at the car park spaces outside the building which helpfully have the names of senior staff  printed for all to see.

In just a few moments the social engineer has the names of the senior staff and that of the IT Manager.   
The receptionist will certainly confirm if the senior staff are in today but, by default, an empty car park space usually means that person is not in.

Once been let in to the main building  the social engineer will usually be accompanied but a trip to the washroom will not.  There may be offices or work stations where an employee  has not locked their computer or an unguarded list of telephone numbers with names.

These small pieces of information can be invaluable.  Impersonating an employee on the phone  can often get a response to the question,  "I can’t remember my password can you tell me what it is or can you reset it please?",  "I have a terrible cold at the moment" usually stops further enquiries being made.

Using the persons log in details which are usually first and last name or some other easily guessed combination together with the newly reset password, gains access to the company network.

Listening to mobile phone conversations is always a good source of information, particularly when a computer systems administrator is trying to diagnose a problem remotely.   Trains are ideal for this.
Christmas parties, where alcohol  loosens tongues is  also great for hackers.

I could go on but I think you get the picture. 

Make everyone is aware of social engineering and how easy it is to give away small pieces of information.

These small pieces when collated become a significant amount of information which could be of use to anyone wishing to do some damage or steal information.

Beware of giving vital information away.

No comments:

Quality Matters

P.O.Box 5479
Maldon
Essex
CM9 8GG
England

T: 01621 857841
F: 01621 856016
M: 07702 193788

© 2015 Quality Matters Ltd. All rights reserved. Responsive Design