Social Engineering Defense Issues
Week 2 Report
The easiest way to breach security in most corporations is through social engineering. Information is gathered from any employee, in any department, who will comply with the gathering techniques. Social engineering methods are in-person and telephone interviews and email solicitations. Through interviews, hackers try to gather the user's position, admin rights, and login credentials so they can mimic the user to gain access to corporate files and servers. The emails may contain a web link that redirects users to a false corporate site that records their login information, or a download with malware that could corrupt the network.
Some security protocols are violated by allowing physical access to people who arrive under the guise of technicians, delivery people, or authorized visitors but do not have proper credentials for entry. When employees see these people arrive, they may not check their IDs and will hold the door for them. Individuals with ill intent can gain access to a guest computer and upload malicious software that could penetrate the network systems.
Other techniques include reciprocity, phishing, manipulating emotions, and exploitation. Reciprocity is allowing someone access to a system or data as an exchange of favors. Phishing is done by masquerading as a secure company site to obtain login credentials for the actual company websites. Manipulating people's emotions with fear tactics is another form of social engineering: an email or phone call that creates a sense of urgency for users to respond with secure login credentials or account information will cause some people to cave in. Exploitation involves gaining the trust of individuals in the targeted corporation and using the information gathered to access the system.
Social engineering also involves reconnaissance, public information, social networking sites, dumpster diving, and cold calling. Reconnaissance...