1.4.3

Social Engineering

Test yourself

Social Engineering

No matter how much money is spent on securing a network, human error is always a very real threat.

Illustrative background for Social engineeringIllustrative background for Social engineering ?? "content

Social engineering

  • The weak point in network security packages is often the people.
  • Social engineering is a form of attack that involves tricking people into giving away critical information or access details.
Illustrative background for Cold callingIllustrative background for Cold calling ?? "content

Cold calling

  • Social engineers often cold call victims and pretend to be from an organisation such as:
    • A bank.
    • A utility company.
  • The social engineer will then ask a victim to confirm their details, so that they can use these details to access their account later.
Illustrative background for FearIllustrative background for Fear ?? "content

Fear

  • Fear is often used to put people off-guard and make them more likely to comply.
  • Social engineers know that people will make irrational decisions when panicked.
  • A common attack would be to call someone pretending to be a bank, and ask why they have emptied out their account:
    • This would panic the victim, who would then want to sign into their account straight away over the phone.

Protecting Against Social Engineering

Social engineering is very difficult to protect against. But there are a few tactics employed by organisations to cut down on the amount of successful attacks.

Illustrative background for Education and trainingIllustrative background for Education and training ?? "content

Education and training

  • The most effective means of protection against social engineering is education and training.
  • People are made aware of the tactics of fraudsters:
    • This makes it more likely that they will recognise a fraudulent phone call.
Illustrative background for Company security policiesIllustrative background for Company security policies ?? "content

Company security policies

  • Company security policies include instructions that employees must follow to uphold security.
  • For example:
    • Don't discuss a user account without the user having confirmed their PIN number.
Illustrative background for Public awareness campaignsIllustrative background for Public awareness campaigns ?? "content

Public awareness campaigns

  • Banks and governments often run public awareness campaigns to educate members of the public about the risks of social engineering.
  • These often include case studies of what could happen if people do not take care.

Jump to other topics

1Computer Systems

1.1Systems Architecture

1.2Memory & Storage

1.3Computer Networks, Connections & Protocols

1.4Network Security

1.5Systems Software

1.6Ethical, Legal, Cultural & Environmental Concern

2Computational Thinking, Algorithms and Programming

Go student ad image

Unlock your full potential with GoStudent tutoring

  • Affordable 1:1 tutoring from the comfort of your home

  • Tutors are matched to your specific learning needs

  • 30+ school subjects covered

Book a free trial lesson