Defining Social Engineering
Social engineering is defined by Berti (2003) as “the criminal art of tricking staff into revealing corporate information.” Social engineering can take place on various levels, and for various purposes. Social engineers can target other individuals and extract enough information to steal their identities (Brower, 2010). They can also use social engineering to perform reconnaissance on an organization, gaining critical knowledge to plan a future attacks. In some cases, social engineering may be used as a delivery method for their payload, whether it be by email attachment or USB insertion (Hadnagy & Wilson, 2012). At a lower level, social engineering …show more content…
Telephone: the use of a phone to contact individuals within an organization and convince them to give up confidential information. Online: gathering information through the use of online chats, forums, emails or social media. Dumpster diving: scavenging for information discarded by an organization, often classified paper records that were not shredded. Shoulder surfing: "Simply looking over someone 's shoulder while they are using their computer." Reverse social engineering: getting a victim to initiate the social engineering conversation, as a result of a previous attack. When reverse social engineering occurs, there an additional layer of trust from the unsuspecting victim. Persuasion: convincing an individual to give you confidential information by either establishing a sense of trust, or simply asking for …show more content…
However, the study also found that faculty participants recognized the importance of people to security and generally believed that they and student should receive more security education and training. Rotvold notes that “these attitudes should help provide positive momentum to continue to raise the status of security awareness in colleges of business.” Raising security awareness in colleges of business would create progressive create a workforce that is better equipped against social social