Social Engineering: Mitigating The Risks Of Malicious Communication
Defining Social Engineering
Social engineering is defined by Berti (2003) as “the criminal art of tricking staff into revealing corporate information.” Social engineering can take place on various levels, and for various purposes. Social engineers can target other individuals and extract enough information to steal their identities (Brower, 2010). They can also use social engineering to perform reconnaissance on an organization, gaining critical knowledge to plan future attacks. In some cases, social engineering may be used as a delivery method for their payload, whether it be by email attachment or USB insertion (Hadnagy & Wilson, 2012). At a lower level, social engineering can be used to exploit organizations’ procedures to gain free products (Cameron, 2015). Cameron examined the methods and motivations of a “social engineering expert” nicknamed Jonah. After realizing that most technology companies have warranty systems that do not require damaged items to be returned before mailing out replacements, Jonah learned to engineer low-level employees into mailing him replacements of items he never purchased or possessed.
Social Engineering Models
Hadnagy (2010) presents a social engineering communication model and describes several examples of effective social engineering which he breaks down according to the model. This model analyses social engineering schemes based on source, message, channel, and…