Hackers will try to trick your users into revealing their passwords. They call it “social engineering”, we call it a security risk. Here’s how to fight it.
While security officers focus on firewalls and intrusion detection systems, a far more dangerous avenue often lies open to hackers. In most cases, it is far more easy to trick innocent users to give up their passwords by phoning them up. Most people would refer to this as “lying”, “trickery”, or “deception”, but security people prefer to use the term “social engineering”. In the past, social engineering schemes have traditionally revolved around a hacker posing as someone from the support department and either trying to assist the user with a problem or getting the user to help the hacker run a “test”. These have been frighteningly effective, and are getting increasing publicity: former exponents such as Kevin Mitnick have argued that social engineering is more worrying than tech-based attacks. Full Story