Why do you choose engineering

Social engineering: human vulnerability


However, attempts at manipulation do not always focus on the good qualities of humans. So Proud Employees right up to the boardroom can induce employees to brag about sensitive information about their own work or the company's successes - e. B. in a bogus interview, with customers or during job interviews. Often introduces Tendency to avoid conflict to the fact that safety-critical actions are carried out against your better judgment. On the other hand, the strongest motor for ill-considered actions is anxiety. This can be fueled, for example, by a supposed telephone suppressor at the other end of the line, which threatens an afternoon without the Internet if it does not immediately receive detailed information about the router and its configuration. Riddled with relevant technical terms, such callers intimate employees with little understanding of technology. “Social hackers” also take advantage of their fear of their superiors: A popular scam is the bogus payment order sent by e-mail from the boss.

To fool your victims, give yourself up Con artists for example as colleagues, superiors or applicants. In addition, attackers slip into the role of a service employee who records customer satisfaction or conducts an industry survey on behalf of a research institution.

So-called Social engineers are not necessarily limited to one-time contacts. It is also possible to ask the victim for harmless favors over a certain period of time or to keep them happy with small talk. In this case, the actual hack does not take place until there is a certain level of trust and the attacker has collected enough information to deceive the victim. Sometimes such an espionage attack happens extensive research ahead. In addition to the company website, social networks such as Facebook or LinkedIn are available as sources of information. “Dumpster Diving” goes one step further, in which criminals dive into the victim's garbage can in order to steal carelessly discarded business documents.

Social engineering via email or telephone is common, since such attacks can be automated with little technical effort. However, the risk of inadvertently disclosing company secrets or access data also lurks in public transport as well as in bars, cafés or restaurants when several colleagues are talking in a relaxed atmosphere about business figures, work processes or customer contacts. Employees who take business calls on their mobile phones, in particular, often discuss internal company matters in public and without regard to any eavesdroppers.