Avoid Social Engineering Attacks

Mar 1, 2008 12:00 PM


         Subscribe in NewsGator Online   Subscribe in Bloglines

Social engineering refers to techniques used to manipulate people into performing actions or divulging confidential information. Typically, it applies to trickery used for information-gathering or computer system access. In most cases, the attacker never comes face-to-face with the victim.

A common type of social engineering attack is conducted by phone. Attackers will try to engage the victim in an enjoyable phone conversation to generate familiarity that is useful in future calls. The familiar relationship may eventually lead the victim to divulge the “secret language” of his or her industry.

Receptionists are frequent targets for this type of attack. Here are five tips to share with your reception staff - and others in the organization - to help identify and prevent social engineering attacks by phone.

  1. Never assume a phone number that appears to come from within the organization is legitimate. Attackers may also play the same “hold” music as your organization in an attempt to trick you.

  2. Do not trust the caller ID function or identifying credentials. Verify them.

  3. Be polite, but don't offer what is not asked for.

  4. Do not fax or e-mail documents without independently verifying the recipient.

  5. Don't take for granted what you are told. Always verify names and phone numbers.

SOURCE: Sal Lifrieri is president of Protective Countermeasures & Consulting Inc.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

Today's New Product

Product 1 Image

APC Physical Infrastructure Management Platform

InfraStruXure Central from American Power Conversion (APC) enables organizations to conduct real-time monitoring of their physical infrastructure devices contained in a range of locations, from small wiring closets to large data centers. The platform acts as a repository for critical power, cooling and environmental data to provide immediate event notification to users so they can quickly assess and resolve device failures. An add-on surveillance software module can capture a visual record of people who enter a critical area and what they do while they are there.

To read more...


Govt Security

Cover

SUBSCRIBE

This month in Access Control

Popular Stories

Quick Links

Webinar

Mass Notification Systems

Join AC&SS and ADT as they discuss the crucial role of mass notification systems before, during, and after emergency situations.
March 26 at 2pm ET

Register Now!

Back to Top