Social engi­nee­ring exploits human beha­vi­or such as hel­pful­ness or respect for aut­ho­ri­ty to obtain con­fi­den­ti­al infor­ma­ti­on. When com­mu­ni­ca­ting with unknown peo­p­le, be careful what infor­ma­ti­on you disclose.

Places and media used for social engineering:

  • public trans­por­ta­ti­on
  • at the lunch table
  • at busi­ness events
  • in the com­pa­ny par­king lot
  • by tele­pho­ne
  • by e‑mail
  • online sur­veys
  • through spy­wa­re

Typi­cal infor­ma­ti­on atta­ckers are inte­res­ted in:

  • Com­pa­ny secrets and intellec­tu­al pro­per­ty (IP)
  • Orga­niza­ti­on charts
  • Sup­pli­er relationships
  • Cus­to­mer relationships
  • Pri­ce infor­ma­ti­on / pri­ce lists
  • Pass­words & access data
  • Infor­ma­ti­on about the used IT systems
  • Infor­ma­ti­on about IT secu­ri­ty systems

Keep in mind: Par­ti­al infor­ma­ti­on that seems unim­portant indi­vi­du­al­ly can be com­bi­ned from dif­fe­rent sources and then used for plan­ning a social engi­nee­ring attack!

Inter­nal (pri­ma­ri­ly sen­si­ti­ve) infor­ma­ti­on must not be shared unche­cked with third par­ties who­se iden­ti­ty is not cle­ar­ly estab­lished and con­fi­den­tia­li­ty agree­ments legi­ti­mi­ze the arrangements.

You can find a list of all secu­ri­ty awa­re­ness tips from SEC4YOU in our sti­cky notes.