Social engineering, for those who may not be aware of it, refers to a method of extracting confidential information from people through non-technical means, which then allows unauthorized access to a valued system and the information that resides on it. In a few words, it is an attack that hackers normally use to gain access to enterprise networks or to target individuals, depending on the purpose of the attack.
The purpose of this article is to highlight the importance of protecting privacy on the Internet and how this relates to social engineering. An example of a social engineering attack involves the attacker, the victim and the information retrieval. Imagine that you post on Facebook about some destinations and places that you have visited, and you describe them with enthusiasm. An attacker could exploit this information to call you up (finding your number in a directory or even on Facebook) or to send you an e-mail. The attacker then asks you for your personal information, with the excuse that you’ve won a cash prize in a lottery held for the customers of a hotel where you stayed while visiting the places you describe in your profile. You might well trust him and give him information about yourself, even your social security number or possibly your bank account. The attacker’s next step is to call your bank and pretend to be you, claiming that your online account was blocked and that you need a new password. The data that the bank will require is already at the attacker’s disposal, so the request can go through. This is an easy way to lose money and not be aware of it at all, at least not in the beginning.
This is one of many examples that occur in everyday life, but most of us don’t know the dangers that exist when we overexpose so much personal data. The risk is even bigger for companies, especially if we consider the increasing use of LinkedIn, a social network designed exclusively for professionals. Many users publish their CV and often share it with people they have never met. There are many ways an attacker can exploit such information, and they can lead to a breach of a company’s infrastructure and jeopardize sensitive data and business continuity.