As a security professional, it is an important and very difficult part of his or her job to prevent social engineers from gaining access to crucial company info through users. Some of these social engineering techniques are discussed in the following.
Social Engineering Techniques
One great social engineering techniques that social engineers use to their advantage is that of urgency. They make it seem to the user that the information they require is needed on a very urgent basis, failure to comply with this will result in a lot of loss and damage for the company. This makes the unsuspecting user act fast without thinking too much about the consequences of revealing any sensitive info.
Then there is the quid pro quo, which is a way of saying “You scratch my back and I’ll scratch yours.” This is done with the pretext of giving the user the impression that he or she as an individual will benefit personally from disclosing any of the information that the attacker requires. These could be promises of faster Internet service, for instance.
The status quo is another such technique. It means that the attacker makes the user think that all of the other employees are also disclosing the required info, so the user in question should, too.
Then there is the kindness. This technique is used in a very dangerous manner by social engineers, as they use it to gain the confidence and goodwill of the people they wish to target. Once their trust has been gained, the social engineers move in for the kill.
And finally, the position is another such social engineering technique. Convincing the user of the social engineer’s high-ranking position in the company can automatically cause the user to do what he or she is told to do without many questions asked, or any questions asked, for that matter. Authority brings with certain persuasive powers.
