Up One Level


Social Engineering

 

Social engineering is a means by which information is extracted, usually verbally, by someone impersonating a legitimate holder or user of the information in question. Social engineering will often take place over the telephone; here are some examples :-

  • A 'senior member of staff' calls the IT support desk in a 'great hurry' and has forgotten their password (and they need it now!)
  • A 'secretary' calls to inform that their superior needs to access some information urgently but has forgotten the 'new' password.
  • A 'telephone engineer' calls to request details of the access number to the computer system as they have received a fault log and they need to 'test it'.
  • In response to a request from a 'colleague' to speak to Ms X, they are advised that she is away for 3 days on business. To the caller, this knowledge is indicative that Ms X's logon account to the system is unlikely to be used during this period.


*** The Information Security Glossary ***
Previous PageTop of this pageNext Page


Buy Now:

 

This Glossary forms part of the RUsecure Security Policy Suite... visit RUsecure Security Policy World
Use of the guidance contained within RUsecure™ is subject to the End User Licence Agreement
See also the Disaster Recovery World
This site created with EasyHTMLHelp(tm) for MS Word
 Risk Associates: Resources for Security Risk Analysis, ISO 17799 / BS7799, Security Policies and Security Audit