* Social Engineering *
It happens more than people realize. You may be approached
by someone physically, or you may get contacted via phone or email. After
all is said and done, you or your company may end up bankrupt, your
information stolen, and if it happened at your job, you may be out of a job
(and possibly have a very difficult time getting another job). How did all
this come about? You or your company may have been coerced by a social
engineer. Allow me to explain...
A social engineer is someone that uses extreme social skills
in order to get information or gain entry. The skills that social engineers
use are like professional sales people times 100. They are very easy to get
along with, and are able to convince you to trust them and/or believe them.
They are excellent at acting and are typically extremely intelligent. They
usually will research their mark very thoroughly, and will not hesitate to
assume someone's identity in order to get what they are after. Now, you may
think that you would never fall for a social engineer's ruse... you aren't
that stupid, right? Well, 99.99% of people that think that way are wrong,
because your intelligence has no bearing on whether or not you would fall
for their ruses. Social engineers generally play on emotions (quite like a
sales person), and they tend to go after those who they feel are
helpful and/or new. I have been hired by companies (both big and small) to
perform "Pen Tests", which is basically allowing me to test their company
and employees by trying to either a) break in, b) gain proprietary
information, or c) gain any other type of confidential information (anything
from passwords of their databases to credit card information). The
boss/owner of the company signs paperwork that exonerates me from
prosecution (should the authorities be contacted) and that ensures the boss
will not inform any employees during the initial Pen Test (which is used as
a baseline to show the company where/how it can be compromised).
I can't believe how susceptible the majority of the
companies actually are, and frankly, I've grown to believe that there isn't
a single company that couldn't use some training to help prevent social
engineering attacks. If you think you are 'smart enough' to not become a
victim to a social engineer, think twice... remember, it's not about your
intelligence level, it's about your AWARENESS level. If you want more
information about social engineering, either use Google to search for
'social engineer' or read up on Kevin David Mitnick (yes, he was a hacker,
but also an excellent social engineer, and has written a couple of great books
about it).
This rant was written by Joe Rosendorf Jr. This is merely
an opinion based on personal experiences, and is intended to inform based on
those experiences.