34,333
edits
Changes
→Social Engineering
== Social Engineering ==
Social engineering exploits human nature, rather than computer code, to achieve its objectives and usually involves some form of interaction with a user or employee, either via email, phone or in person. Such attacks usually use empathy, urgency and a hint of believability in gaining the trust of the victim. Other attacks can work on the inquisitive nature of human beings.
Such an attacks might involve calling an employee and pretending to be an authoritative figure in an organization who has forgotten their password. Another social engineering attack that actually occurred involved the placement of USB thumb drives in an office parking lot. Unsuspecting employees picked these up on arrive at work and, assuming the belonged to fellow employees, plugged them into their computers in an effort to identify the owner so that they could be returned. In browsing the files on the storage devices viruses were unleashed on the computer systems.
The truly only way to prevent social engineering attacks is through employee education.
