What is social engineering? How criminals exploit human behavior

That firewall won't mean much if your users are tricked into clicking on a malicious link they think came from a Facebook friend or LinkedIn connection.

Page 2 of 2

Also worth checking out is social-engineer.org's Social Engineering Toolkit, which is a free download. The toolkit helps automate penetration testing via social engineering, including "spear-phishing attacks", creation of legitimate-looking websites, USB drive-based attacks, and more.

Another good resource is The Social Engineering Framework.

Currently, the best defense against social engineering attacks is user education and layers of technological defenses to better detect and respond to attacks. No one expects any effective dedicated technical defense to social engineering to arise any time soon. Technical defenses will definitely help reduce the occurrence of social engineering attacks. Detection of key words in emails or phone calls can be used to weed out potential attacks, but even those technologies will probably be ineffective in stopping skilled social engineers. Also realize that a lot of attacks take place outside of the workplace — striking up a conversation at a bar is an extremely effective way of getting information out of a target; this is where training and awareness can help,” says MacDougall.
