Social engineering is a big part of the cyber security landscape this is considered a large part of risk to businesses.
Social engineering is the manipulation of a individual through communication and interaction this can take various forms. Some of the forms used are: interaction outside of work, social media manipulation, impersonation phishing is generally the broad term to cover this.
Social media social engineering is quite easy to manipulate as you can create images or posts asking for silly things such as pet names or maiden names. This is often seen as a silly thing to post but generally this information is generally used for personal account information such as recovery questions or hints.
Personal interaction is often overlooked as a form of information security risk this is due to it not being a clear danger. There are cases of individuals meeting and acquiring things such as key passes or other physical or network based access. Having a conversation with someone around work is common however some individuals do use this with malicious intent.
Pretending to be certain people and sending emails on their behalf this can be targeted at high level employees and is known as spear phishing. These attacks prey on individuals who rush to react or respond to a email this can enable all forms of access from pretending to be a Microsoft account to acquisition of personal details through CEO impersonation.
Our active fundraising for Air Ambulance is found here we appreciate any donation.
Last weeks article on EE is available here.