CSO Explainer: What is social engineering?

Animated example of some ways data thieves get to your data without hacking

Editor’s note: CSO is embarking on creating some new video animations that help explain security terms and concepts. The goal is not to explain something that you, the reader, is already likely to know, but rather to present these concepts in an easy-to-share format for employees to enhance awareness in the workplace, or even with friends and relatives (like your Uncle George, who may fall victim to one of these ploys). Let us know if there are some other security terms and concepts you’d like to see in animated form!

The following is a transcript of the video above.

Voiceover: When you hear the term social engineering, this is the security industry’s way of referring to a con or scam technique.

 It’s basically the art of gaining access to buildings, systems or data by exploiting human psychology, rather than breaking in or using technical hacking techniques.

 Famous hacker Kevin Mitnick helped popularize the term ‘social engineering’ in the 1990s, although the idea – and many of the techniques – have been around as long as there have been scam artists.

 But how does social engineering work? Here are some examples.

 In the office, a social engineer might lurk near a secure doorway with several boxes, and pretend they can’t reach their access card or key to get in. They’ll ask, “Can you hold the door for me?” and an unsuspecting office worker will let them in. The worker never realizes that they’ve just given a criminal access to their company’s office.

 On the phone, a social engineer calls employees and pretends to be the IT Help Desk, trying to trick workers into giving them their password.

 Social engineering is dangerous to corporate and personal data, because once a data thief has gained access, there’s no telling what they’ll do with it.

 So, how can you avoid becoming a victim of social engineering? First, be aware. Awareness of the types of ploys these criminals use is your Number 1 defense.

 Second, look around, pause and ask questions before doing or saying anything. If something doesn’t look or sound right, chances are you’re being played by a social engineer.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
How much is a data breach going to cost you?