Social Engineering (An Introduction) - Threatening The Safety

Electrical Engineer

Social engineering: the term sounds good, but it won't once we know what it really means. Social engineering (also called the "art of deception") is the careful planning of a fraud or scam without any direct involvement. "Then how could they do the scam?" Yes, I can hear that. They carry out the scam entirely by phone and internet, using fake names. Social engineers can often get passwords and other pieces of sensitive information from companies by pretending to be someone else and just asking for it. The human factor, which is truly security's weakest link, is put to good use by social engineers. They start from scratch, with information gathered from anywhere about an organisation or a person. This information is mostly available on an organisation's website and is considered to pose no threat to the organisation when published, because it may be a customer care number, details of a low-level regional officer, regional branch office details, employees' phone numbers or email IDs, etc.

Here starts the work of a social engineer. As the first step, a social engineer collects this information from websites or branch offices. He then creates an ideal and completely fake scene or situation, which he uses to penetrate the organisation from a very low level. He needs to collect every little bit of information from the organisation and make it valuable. It all depends on the social engineer who carries out the deception. Most social engineers choose the phone as their best deception tool. Sometimes just knowing inside terminology can make the social engineer appear authoritative and knowledgeable, which lets them easily gain access to an organisation's information.

A simple social engineering incident gives us an idea of how social engineers work.

An attacker dialed the private phone company number for the MLAC, the Mechanized Line Assignment Center. To the woman who answered, he said: "Hey, this is Paul Anthony. I'm a cable splicer. Listen, a terminal box out here got fried in a fire. Cops think someone tried to burn his own house down for the insurance. They got me out here alone trying to rewire this entire two hundred-pair terminal. I could really use some help right now. What facilities should be working at 6723 South Main?" In other parts of the phone company, the person called would know that reverse lookup information on non-published numbers is supposed to be given out only to authorized phone company MLAC is supposed to be known only to company employees. And while they would never give out information to the public, who would want to refuse a little help to a company man coping with that heavy-duty assignment? She feels sorry for him, she's had bad days on the job herself, and she'll bend the rules a little to help out a fellow employee with a problem. She gives him the cable and pairs and each working number assigned to the address.

From this incident we can realise that giving out any personal or internal company information or identifiers to anyone, unless his or her voice is recognizable and the requestor has a need to know, will surely land your company in trouble (mostly serious trouble).

So be aware of social engineers and never trust a voice or text that pretends to be someone. Better to follow company rules and show no mercy to voices and texts.
