Unit 3 Discussion 1: Social Engineering Defense Issues

[UNIT 3 DISCUSSION 1: SOCIAL ENGINEERING DEFENSE ISSUES] 2014 Name? IS3220 Mr. ?

Upload: joseph-nichols

Post on 11-Dec-2015



Social Engineering Defense Issues, IS3220

10 Jan 2014

Social engineering tactics are so successful because most people in an office environment, especially at a large company, do not know the IT staff. Most social engineering attacks are more than likely carried out as part of corporate espionage in order to gain a technical or other advantage over competitors. These corporate spies prey on certain targets, such as receptionists, IT staff, and vulnerable employees, in order to manipulate them in some fashion to get information. These tactics are also so successful because all hackers know that the weakest defense is from within, at the user level, and so do most technology corporations.

The most commonly used technique for infiltrating a company is impersonating people who are usually trusted or whose presence in a facility is not questioned. Most people, when they are doing their job, do not give it a second thought when they see maintenance technicians, other employees, or someone claiming to be an authority figure such as a manager, executive, or even a police officer or security guard. There are also those who will gain employment as tech support to be on the inside, or claim to be a vendor or client to gain access to the building. Other techniques include quid pro quo between employees, befriending someone in order to extract information, and manipulating someone using threats. Most of these techniques require the attacker to be an active participant in the attack, physically interacting with people directly. There are also techniques by which the attacker can gather information from a distance with indirect interaction, for example phishing, reconnaissance, public information, social networking sites, dumpster diving, and cold calling.

Unfortunately, there is no piece of technology that can defend against social engineering. However, you can give employees security awareness training to make them more aware of their surroundings and able to notice inconsistencies in the workplace. Once employees are more aware, they will ask questions about unusual or out-of-place personnel within their work area (Stewart, 2011). Social engineering attacks are difficult to prevent because they are attacks on humans instead of machines, and humans, unlike machines, have free will and can easily be manipulated. Humans can be influenced by threats, manipulation, or coercion, or simply tricked into doing something that they don't want to do or don't know they are doing. Humans can be tricked into giving up their logon credentials, allowing someone they believe to be part of the IT staff a remote connection to their computer, or even opening an unknown email message that contains malware.


References

Stewart, J. M. (2011). Network Security, Firewalls, and VPNs. Sudbury: Jones & Bartlett Learning. Retrieved Jan 10, 2013