The term social engineering, as it relates to security, came from early
hacking efforts on telephone systems and long-distance services. Social
engineering is based on a simple question: why risk breaking into a system by
brute force or tools when you can get some friendly employee to help you do it?
Social engineering is generally a hacker’s clever manipulation of an employee’s
natural human tendencies to trust and want to be helpful.
More than one company with elaborate authentication processes,
firewalls, virtual private networks (VPNs), and network monitoring software has
been left wide open to an attack by an employee unwittingly giving away key
information in an e-mail or by answering questions over the phone from someone
they don’t know. This is one area where the would-be hacker can benefit from a
friendly demeanor, a good smile, and knowing how to look and act like they
belong.
Don’t make the mistake of thinking only lower-level employees
are prone to this. The fear of appearing not to cooperate with an obviously
important activity has led to the compromise of many a manager.