Beware Being Tricked by the Social Engineer

It is just about summer — the weather is gorgeous and everyone is in a

good mood.

A pretty — not beautiful — girl comes into the lobby of a local company

and glances around. She walks up to the receptionist and explains she has

a meeting with the Information Technology director and is running late.

She says she is very embarrassed and would the receptionist tell her the

conference room number and she’ll just sneak into the meeting. Feeling

sorry for the young lady, the receptionist tells her the main conference

room is on the third floor and lets her into that part of the building.

Once in the elevator, the woman gets off on the fourth floor — not the

third. She wanders the halls. A gentleman stops her because she doesnt’

have a badge. But she smiles sweetly, asks him about his day and pretty

soon they are chatting about this and that. He forgets why he stopped her

and goes back to his office.

She continues down the hall. This time she sees someone going into the

computer lab and he allows her to follow him through the door. She has

one of those smiles that lights up her entire face, and it doesn’t go

unnoticed. She explains that she is a student at the local university and

she’s going to be a summer intern in the IT department… part of her

internship is to see how the computer lab works.

She spends the next hour looking around, chatting with the network

administrators and lighting up a usually boring environment.

The girl leaves the building, waving good-bye to the receptionist on her

way out and thanking her again.

After all, she should thank her and all the others she spoke to during

her visit.

The woman leaves with Post-it notes that had been stuck onto monitors

with passwords and user identifications (usually ‘admin’). She has a

wealth of knowledge on how the network is set-up, what kinds of

protection mechanisms are in place and even how to get around the

protection — thanks to a young techie who was more than pleased to show

her how ‘smart’ he was.

She now owns their network, their industry secrets and their

systems.

This is a classic case of social engineering.

According to sbc.webopedia, social engineering is defined as: ”In the

realm of computers, the act of obtaining or attempting to obtain

otherwise secure data by conning an individual into revealing secure

information. Social engineering is successful because its victims

innately want to trust other people and are naturally helpful. The

victims of social engineering are tricked into releasing information that

they do not realize will be used to attack a computer network.”

Whatitis.com states: ”In computer security, social engineering is a term

that describes a non-technical kind of intrusion that relies heavily on

human interaction and often involves tricking other people to break

normal security procedures. A social engineer runs what used to be called

a ‘con game’.”

Either definition makes it clear that social engineering involves human

interraction. That is the major factor that makes protection against

social engineering difficult. All the firewalls, and identification and

authentication mechanisms are ineffective against a seasoned social

engineer.

So, how do you protect your network from these types of people?

The best protection against social engineering tactic is a well-trained

employee, who is aware of this kind of scam. The employee is the target

of social engineering. Employees need to be made aware that even though

they need to be helpful on the job, they need to be cautious and

inquisitive.

Security training that reinforces the requirement to protect user

identifications, passwords, and other such information is a valid

protection against social engineering. Employees also need to be aware of

their surroundings to ensure that people without proper identification

are confronted and escorted to security personnel. They also need to be

aware of unauthorized people trying to follow them into secured areas.

This awareness training isn’t just for computer users and network

administrators. It’s for every employee — the receptionist, secretaries,

file clerks, etc. Training should be a yearly event.

Anything that looks suspicious should be reported. Be suspicious of that

person you have never seen before, or someone asking questions that raise

a little red flag in the back of your head. You never know when it’s a

person on a mission to obtain information that can, and will, be used

against you.

The next time a friendly individual approaches you with a request for

assistance in getting information that you know should be protected, be

prepared. Check it out before you give out any information. Beware the

social engineer!

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020