Oct 1027

Are You and Your Organization Vulnerable to Social Engineering?

A couple of years ago, I discovered strangers walking through our office unescorted. They told our receptionist that they were looking at office space in the building; they were well dressed, they referenced the name of our landlord and they asked nicely if they could just walk around and take a look at our space. Our receptionist, ever on the lookout for ways to be helpful, let them wander the halls.

A couple of months ago, someone claiming to be an exhibitor at a client’s trade show called, asking for the client’s logo so they could use it in an e-mailing going out. The person said they had the approval of the client. My responsive Project Manager opened up a work request and got the logo sent out ASAP.

In both cases, the persons making the requests were legitimate and no harm was done.  BUT, they just as easily could have been hackers or scammers and my helpful staff could have been duped into giving them information or access they were not authorized to have.  Which is why Matrix Group covers security during orientation and training for all new hires and we recently brought in a security expert to discuss social engineering.

Social engineering is “the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.” Kevin Mitnick, the famous computer hacker, claims that it’s “much easier to trick someone into giving a password for a system than to spend the effort to crack into the system.” There are many social engineering techniques, including:

  • Pretexting is the act of getting people to divulge small pieces of information, which hackers use to obtain more information from the next person.  Knowing bits of information establishes legitimacy in people’s minds and makes them more willing to divulge even more information.
  • Phishing is used to fraudulently obtain private information.  Phishers typically impersonate legitimate businesses via phone or e-mail and convince victims to divulge sensitive or private information.  Think of the hundreds of e-mails you get that look like they’re from your bank; nearly all of them ask you for your account information, login information and/or SSN.
  • Baiting is a technique whereby hackers leave CDs or USB sticks containing viruses or trojans in public places, in the hopes that a curious person will pick up the items and insert them into their systems, effectively infecting them and making them vulnerable to hacker attacks.

Social engineering is highly successful because of the natural human tendency to trust other people. In addition, most people want to be helpful.  In fact, we train our staff to be helpful because helpfulness is key to a successful business.  If you’re wondering if you or your organization are vulnerable to social engineering tactics, ask yourself these questions:

  • How easy or hard would it be for someone to gain access to your office by mentioning the name of the CEO and some key staff?
  • How difficult would it be for someone to impersonate you by providing your name, address, SSN, mother’s maiden name, spouse name, etc.? I’ll bet a lot of this information is on public Web sites and social networks. Just look at some of your friends’ profiles on Facebook; you’ll find hometown, e-mail, birthday, the works!
  • How hard would someone have to work to impersonate someone and convince a network admin to divulge or reset a password?
  • Have you held the lobby door open for someone off the street while entering a secure building?

Okay, now that you’re paranoid, what are you going to do about this potential threat to you and your organization?


3 Responses to “Are You and Your Organization Vulnerable to Social Engineering?”

  1. Alyson Says:

    Since my company has such high-profile clients, we get a lot of scammers calling for info - “(Client) told me to call.” - and we are extremely skeptical. We’re polite, (attempt to) take the caller’s info and always check with the clients before divulging anything or allowing use of name, likeness, etc. It’s scary how prevalent this is. Separately, I recently lost a flash drive with a lot of documents on it (none confidential, thankfully) and I hope whoever finds it thinks I was baiting and it just gets thrown out!

  2. Bangalow Accommodation Says:

    This is lots of food for thought!

  3. Maggie Says:

    You mention the natural human tendency to trust other people. It also works the other way.

    If I’m in the office very early, before the receptionist, and someone arrives for a very early meeting, I will request that they remain in the elevator lobby so that I can verify that the person they have an appointment to meet is indeed present and expecting them. In all of the (very few) cases where this has occurred, the visitors have always been extremely willing to cooperate and have always been understanding about the security issue.

    Only once was I unable to verify the visit, and in that case, I explained that I had two options. One was to escort the visitor on my own time until the person they were waiting for arrived, or to request that they return. Again, this visitor was extremely obliging and returned after the office opened.

    I should think if such a visitor made a huge fuss, it would make me rather suspicious.


About the Author

Joanna Pineda

Founder, CEO Matrix Group International

CEO, Founder & Chief Troublemaker, Matrix Group

A Chief Troublemaker's insight on effective marketing strategies, customer service, leadership, Web 2.0, Web 3.0 and beyond.

Joanna is known for her visionary big-picture thinking and drive for excellence. Combining her broad liberal arts background and passion for technology, she started Matrix Group in 1999, today a leading interactive agency. As a trusted advisor, Joanna inspires and motivates her clients and employees alike to simply, "be better." Joanna's mantra: "DO or DO NOT. There is NO TRY!"
