Avoid Social Engineering Attacks

Mar 1, 2008 12:00 PM

Social engineering refers to techniques used to manipulate people into performing actions or divulging confidential information. Typically, it applies to trickery used for information-gathering or computer system access. In most cases, the attacker never comes face-to-face with the victim.

A common type of social engineering attack is conducted by phone. Attackers will try to engage the victim in an enjoyable phone conversation to generate familiarity that is useful in future calls. The familiar relationship may eventually lead the victim to divulge the “secret language” of his or her industry.

Receptionists are frequent targets for this type of attack. Here are five tips to share with your reception staff - and others in the organization - to help identify and prevent social engineering attacks by phone.

1. Never assume a phone number that appears to come from within the organization is legitimate. Attackers may also play the same “hold” music as your organization in an attempt to trick you.

2. Do not trust the caller ID function or identifying credentials. Verify them.

3. Be polite, but don't offer what is not asked for.

4. Do not fax or e-mail documents without independently verifying the recipient.

5. Don't take for granted what you are told. Always verify names and phone numbers.

SOURCE: Sal Lifrieri is president of Protective Countermeasures & Consulting Inc.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue