This research paper is based primarily on information gathered from secondary sources. It explains what the term “social engineering” means, how it is perpetrated, and the impact it has on individuals and corporations. It also discusses ethical issues and the actions that individuals and corporations can each take to mitigate and minimize the risk of social engineering attacks.
Social engineering, in the context of information technology, is defined as “gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others” (Gary B. Shelly, 2010). The methods adopted are similar to those used by con artists, where individuals are tricked into divulging confidential information. Social engineers mislead their victims into providing confidential and critical information that can enable them to perpetrate fraud. Social security numbers, user names, passwords, credit card details, bank account numbers and organizational charts are prime examples of target information that fraudsters use to commit a crime or, in some cases, sell to other criminals.
Individuals using social engineering techniques, or social engineers as they are commonly called, are essentially hackers. The only distinction is that hackers use technical methods, such as installing spyware on targets' computers or networks, to secure information, whereas social engineers use a combination of technical, social and psychological skills to carry out their attacks.
The article Social Engineering Fundamentals: Hacker Tactics (Granger, 2001) shows that attacks can be carried out in both physical and psychological forms and can take place through physical intrusion into the workplace, over the phone, and through collection of trash (a.k.a. dumpster diving). Items found, such as documents and outdated or broken hardware components, may contain crucial information which can be used to carry out
References:
Cisco. (2011). http://www.cisco.com/web/about/security/intelligence/mysdn-social-engineering.html. Retrieved April 18, 2011, from www.Cisco.com.
Gary B. Shelly, M. E. (2010). Discovering Computers 2010: Living in a Digital World Complete. Boston: Course Technology: Cengage Learning.
Granger, S. (2001, December 18). Social Engineering Fundamentals. Retrieved April 18, 2011, from http://www.symantec.com: http://www.symantec.com/connect/articles/social-engineering-fundamentals-part-i-hacker-tactics
Raymond, A. (2009, October). An effective incidence response process. SCmagazine. Retrieved April 20, 2011, from http://www.scmagazineus.com.
--------------------------------------------
[ 1 ]. This article, obtained from the Symantec Corporation website, narrates a true story of a typical attack carried out by a security consulting firm using social engineering methods.
[ 2 ]. Federal Trade Commission: a governmental body with primary responsibility to protect consumer rights. http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/about-identity-theft.html
[ 3 ]. The Ponemon Institute is an IT security solutions provider that is now part of the Symantec group, a leading IT security company and the manufacturer of the Norton Antivirus program.