A social engineer can combine many small pieces of information gathered from different sources into a useful picture of the vulnerabilities of a system.
Information can be important whether it comes from the janitor’s or the CEO’s office; each piece of paper, employee spoken to, or area visited by the social engineer can add up to enough information to access sensitive data or organizational resources.
Misspelt website addresses or URLs can be bought and set up to look similar to your bank's website, with copied logos and login forms as the added touch that aims to convince you to enter your account login information.
Criminals exploit a person’s trust in order to find out their banking details, passwords or other personal data.
“Non-traditional” sources are still legal but less obvious and often overlooked sources of information, such as dumpster diving.
Such sources may provide data that a corporate security awareness program wouldn’t or couldn’t take into account.
Popular types of social engineering attacks include:
Security experts recommend that IT departments regularly carry out penetration tests that use social engineering techniques.
This will help administrators learn which types of users pose the most risk for specific types of attacks while also identifying which employees require additional training.