Social engineering – examples and prevention

What is social engineering?

“Social engineering” refers to all attacks against information systems in which the users of those systems are manipulated through psychological tricks. The aim of such an attack is to elicit internal, and sometimes sensitive, information from employees. Personal contact between perpetrator and victim is not strictly necessary; sending phishing emails, for example, is also one of the common methods of social engineering.

How does social engineering work?

Most people want to be nice. They want to help in emergency situations or help in eliminating errors. Some people find it hard to refuse requests or are simply afraid to respond in a situation that is unfamiliar to them. Perpetrators take advantage of all of these behaviors to obtain information.

Anyone who can provide interesting information for the offender can become a victim of such an attack. The group of people affected is not limited to employees in IT departments or secretariats. Often the sensitive data is also obtained directly from the management of the company, e.g. in a bogus customer conversation or at trade fairs.

How can you protect yourself from social engineering?

First of all, all employees of a company should be aware that they are in possession of information, some of it confidential, and adjust their behavior accordingly. The good news is that even small changes in your daily routine can contribute significantly to the protection of internal company information.