Social Engineering

Often, hackers say:

The major problem is located between the keyboard and the chair

Today, people remain the weakest link of the security chain. Your users click, open files, visit URLs without realizing what may happen. The term “Social Engineering”, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme. (source: Wikipedia)

Social engineering can also be seen as pentesting people: testing how they react when confronted with an attack and what information can be obtained from them. There are different types of attack scenarios:

  • Sending a rogue email with a malicious attachment or a malicious URL (also called “phishing”)
  • Dropping rogue USB sticks in meeting rooms, in parking lots, or at the reception desk
  • Calling the support desk to obtain information
  • Asking the reception desk for access to a restricted area