5 Common Strategies Employed by Social Engineers

Techniques Social Engineers Use to Infiltrate Corporate Security


Social engineering, while always present in one form or another, has now taken a very serious turn, leading to the infiltration of sensitive corporate data, leaving individuals and companies vulnerable to hack attacks and malware, and generally breaking down enterprise security and privacy. The main aim of the social engineer is to hack into the system, steal passwords and/or confidential company data, and install malware, with the intent of damaging the company’s reputation or profiting from these illegal methods. Below are some of the most common strategies social engineers use to accomplish their mission.


A Question of Trust

The first and foremost method a social engineer uses is to convince his victim of his trustworthiness. To accomplish this, he could pose as a fellow employee, a past employee or a much-trusted outside authority. Once he has fixed on a target, he contacts this person via phone, email or even through social or business networks. He would most probably try to win his victim’s trust by being friendly and unassuming.

If the victim cannot be reached directly, the social engineer selects one of several intermediaries who could connect him to that particular person. This means that companies have to be on guard at all times, and also train all of their staff to recognize and tackle such high-level criminal activity.


Speaking in Tongues

Every workplace follows a certain protocol and way of functioning, down to the kind of language employees use when interacting with each other. Once the social engineer gains access to the establishment, he next focuses on learning that subtle language, which opens a doorway to establishing trust and maintaining cordial relations with his victims.

Yet another strategy is to fool victims using the company’s own “hold” tune on the phone. The criminal records this music and then puts his victim on hold, telling him that he has to attend to a call on the other line. This is one psychological strategy that almost never fails to hoodwink targets.


Masking Caller ID

While mobile devices are really convenient, they can also turn out to be an aid to crime. Criminals can easily use these gadgets to change the caller ID that flashes on their victims’ phones. This means that the impostor could well appear to be calling from within the office complex, while he may actually be very far away. This technique is dangerous, as it is practically undetectable.


Phishing and Other Similar Attacks

Hackers usually make use of phishing and other similar scams in order to glean sensitive information from their targets. The commonest technique here is to send the intended victim an email about his/her bank account or credit card account closing or expiring shortly. The criminal then asks the recipient to click on a link provided in the email, requiring him/her to enter their account numbers and passwords.

Both individuals and companies need to keep a constant lookout for such emails and report them immediately to the concerned authorities.


Using Social Networks

Social networking is truly “in” these days, with websites such as Facebook, Twitter, and LinkedIn becoming more and more crowded with users. While these offer a great way for users to remain in touch and share information with each other in real time, the downside is that they also become the best breeding ground for hackers and spammers to operate and thrive.

These social networks help scammers add unknown contacts and send them fraudulent emails, phishing links and so on. One other common technique that hackers use is to insert video links of supposedly sensational news items, asking contacts to click on them to know more.

The above are some of the most common strategies that social engineers use to con individuals and corporate establishments. Has your company ever experienced these types of attacks? How did you go about tackling this menace?