Vulnerability Assessment

1. What is Social Engineering?

Social engineering refers to the psychological manipulation of people in order to obtain confidential information. It is considered an overlooked risk in security today, and it is often treated as a synonym for fraud.

2. Social Engineering Techniques:

2.1. Pretexting

Pretexting can be defined as a technique in which an individual tries to acquire privileged data belonging to an organization or a user. In pretexting, the liar pretends to need information in order to confirm the identity of the person he is talking to, and tends to ask a series of questions, e.g. confirmation of SSN, date of birth or account number.

2.2. Diversion theft

Diversion theft is also called the “Corner Game” or “Round the Corner Game”. Traffic personnel of a transport or courier company are the targets of this type of threat: the traffic personnel are convinced to issue instructions to the driver to divert the load or consignment to a different location. In addition to regularly scheduled analysis and assessments required by regulatory mandates, tests should also be run whenever:

2.3. Phishing

In this technique the phisher sends an email which the receiver presumes to come from an authorized individual or an organization such as a bank or credit card company. The email will contain text requesting “verification” of information, or a link to a fraudulent web page that may seem legitimate because it carries the company logo and content.

2.4. IVR or phone phishing

Phone phishing, also called vishing, is a technique in which the victim is prompted to call into the bank in order to verify information. The system continually rejects PINs and login information, ensuring that the victim enters PINs or passwords multiple times and hence discloses multiple passwords. More advanced systems then transfer the victim to an attacker for further questions, whom the victim presumes to be a customer service agent.

2.5. Baiting

An attacker leaves a malware-infected floppy disk, CD/DVD-ROM or USB flash drive in a public place, or in a location where it is sure to be found, with an attractive or curiosity-piquing label or internal ID, and waits for the victim to use the device. Once the user inserts the disk into the system in order to view its contents, malware is installed without the user's knowledge, enabling the attacker to gain unfettered access to the victim's system or to the entire organization's computer network.

2.6. Quid pro quo

The attacker calls random numbers claiming to be calling back from technical support. The attacker will "help" solve a problem and, at the same time, have the user type commands that give the attacker access to confidential information or launch malware.

2.7. Tailgating

Tailgating, also called piggybacking, is a technique in which an attacker enters a secured area protected by an unattended electronic employee access control (e.g. an RFID card) by walking in behind a person who has legitimate access. The legitimate person will usually hold the door open for the attacker, or the attacker may ask them to hold it open. The legitimate person may fail to ask for identification for any of several reasons, or may accept an assertion that the attacker has forgotten or lost the appropriate identity token. The attacker may also fake the action of presenting an identity token.

2.8. Shoulder Surfing

Shoulder surfing involves direct observation techniques such as looking over someone's shoulder to obtain their personal information. This is a common technique in public places such as airports, airplanes or coffee shops.

3. How do you avoid being a victim?

1. Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, always try to verify their identity directly with the company.

2. Do not provide any personal information, or information about your organization, unless you are sure of the person's authority to have that information.

3. Do not open mail from an unknown sender or any suspicious individual.

4. Do not open any links from an unknown sender; they may carry a malicious payload.

5. If you are unsure whether an email request is legitimate, try to contact the company directly.

6. Install and maintain anti-virus software, firewalls and email filters to reduce some of the malicious traffic.

7. Make use of anti-phishing features offered by your email client and your web browser.
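The phishing lure described in section 2.3 (a link whose visible text looks legitimate while the actual target is a fraudulent page) and the advice in items 4 and 7 above (treat links from unknown senders with suspicion, rely on anti-phishing features) can be illustrated with a small mail-checking script. The following is an added example written for this page, not code from the original article or from Agni Information Systems. It assumes a constructed sample message and a hypothetical allowlist of domains the recipient actually does business with; the registrable-domain helper is a deliberate two-label approximation, not a full public-suffix lookup.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for the example; not a real phishing email.
# The sender domain and the first link both impersonate "example-bank.com".
SAMPLE_EMAIL = """From: "Example Bank Security" <alerts@example-bank.com.verify-login.test>
To: customer@example.org
Subject: Please verify your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>We need to verify your information. Click the link below.</p>
<a href="http://example-bank.com.verify-login.test/secure">https://www.example-bank.com/login</a>
<a href="https://www.example-bank.com/help">Help</a>
</body></html>
"""

# Assumed allowlist: domains this recipient legitimately deals with.
TRUSTED_DOMAINS = {"example-bank.com"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude approximation: keep the last two DNS labels of the host name."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_trusted(host):
    """True if the host belongs to one of the allowlisted domains."""
    return registrable_domain(host) in TRUSTED_DOMAINS


def analyse_email(raw):
    """Return a list of human-readable warnings for one RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    findings = []

    # 1. Does the From: address really belong to a trusted domain?
    sender = msg["From"]
    sender_host = sender.addresses[0].domain if sender and sender.addresses else ""
    if sender_host and not is_trusted(sender_host):
        findings.append(f"sender domain {sender_host} is not a trusted domain")

    # 2. Inspect every link in the HTML body.
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")

    for href, text in collector.links:
        target = urlparse(href)
        target_host = target.hostname or ""
        if target.scheme == "http":
            findings.append(f"link {href} uses plain http")
        if not is_trusted(target_host):
            findings.append(f"link {href} points outside trusted domains")
        # Visible text that looks like a URL but resolves elsewhere is the classic lure.
        shown = urlparse(text if "://" in text else "")
        if shown.hostname and registrable_domain(shown.hostname) != registrable_domain(target_host):
            findings.append(f"link text shows {shown.hostname} but href goes to {target_host}")
    return findings


if __name__ == "__main__":
    for warning in analyse_email(SAMPLE_EMAIL):
        print("WARNING:", warning)
```

Run against the constructed message, the script reports the untrusted sender domain and, for the first link, the plain-http scheme, the untrusted target and the mismatch between the displayed URL and the real one; the genuine "Help" link produces no warning. Mail filters and browser anti-phishing features apply the same kind of checks on the user's behalf, which is why item 7 recommends keeping them enabled.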

4. What do you do if you think you are a victim?

1. If you believe you have been targeted by such an attack and have revealed your organization's sensitive information, report it to the responsible person in your organization, such as a network administrator.

2. If you believe a financial account has been compromised as a result of the attack, contact your financial institution and close any affected account.

3. If you believe you have disclosed a password, change it immediately and make sure you do not use it again in the future. Report the attack to the police and file a report with the Federal Trade Commission.

For further assistance, contact us at info@agniinfo.com.

© Copyright 2024 Agni Information Systems (P) Ltd.