The O Blog

Information technology (IT) networks are targets for casual and serious criminals who seek to modify, copy, or steal sensitive information from companies and individuals. Cybercriminals search for IT network weaknesses, referred to as vulnerabilities, which can be exploited in various ways to provide them the access to the information they desire. Vulnerability assessments should be conduct regularly to identify these weaknesses. Once vulnerabilities are identified by a trained IT security professional, he or she can deploy a mitigation strategy to sure up the weak link before a cybercriminal finds and exploits it. People typically understand the need to lock the doors, install alarm systems, and physically secure their homes or businesses, but many fail to understand that their sensitive information can be compromised or stolen via their IT network if it is not properly secured.

Information assurance is a huge buzz word of late in the technical security industry. This especially holds true for government security contracts. Most technical security solutions of the modern age are internet protocol (IP) compatible. When new IP devices are introduced to a network, information assurance is required to assess if they create vulnerabilities on the network. The technical security and information technology (IT) worlds have been converging for several years so the fact the information assurance is relevant to technical security installations is no surprise.

We have explored various aspects of social engineering the last few weeks including methods and targets. The manipulative art of social engineering falls under a few distinct philosophies depending on which methods are deployed to get what is wanted. One philosophy of social engineering is “theft from a distance”. Thieves steal things. Social engineers steal things. Therefore the correlation between social engineers and thieves is easy to make, but why are some social engineering methods referred to as “theft from a distance”? The reason is that many social engineering scams are conducted via telephone, email, and other forms of communication that don’t involve direct interaction with the target.

Social engineering professionals target people they feel are susceptible to their tactics. Many times, a determined criminal or intelligence agent will deploy various social engineering techniques against a target if there is significant information or access to be gained from that individual. Targets are normally unaware that an attack is happening unless they are informed and trained properly to identify and divert the attacks. Social engineering experts might choose targets of opportunity or possibly might choose targets due to specific value. Being a target of social engineering attacks can seem benign, but beware of the consequences of falling into these criminal’s traps.

Social engineering professionals deploy many methods in their attempts to manipulate the people they target. Email scams, telephone contacts, posing as a trusted vendor or service provider, direct contact, and social integration are a few of the methods that are commonly used. Social engineering methods continuously evolve with communications technology advancements. Criminals will seek to take advantage of any method that allows them to communicate with as many people as possible. Finding susceptible targets requires contact methods that can reach the masses since the percentage of people that will fall for the tricks is relatively low. As people become educated about certain social engineering methods, the public is able to detect and prevent these attacks, but criminals unfortunately adapt.