Not All Hacking Happens In the Terminal Window
When you think of a hacker, what do you imagine? A Mr. Robot-type person with a hoodie and a laptop, listening to Aphex Twin while logging into unsuspecting networks with their default router passwords? An Eastern European criminal on the other side of the world, funneling money out of someone’s bank account and into their own? A dark, smokey basement, softly lit by the flicker of glowing cathode ray tube light?
That mental image may not be completely true. Most attacks are carried out in the real world and take advantage of unsuspecting people’s kindness, inattention or naiveté. Social engineering is a strategy in which an attacker finds an individual likely to slip up (maybe a new employee, someone undertrained or someone who lacks confidence) and exploits these traits to gain access to places they should not be, obtain physical access to hardware, or extract private data from an individual or organization.
Social engineers can employ several tactics to extract data from a company. This can be as old school as the classic dumpster dive: if a company is throwing out paper records without first shredding the documents, this information can easily be obtained. A social engineer may find out the name of an upper-level manager, then call the company’s help desk to have a password changed so they can access that person’s information. They may namedrop upper-level employees in hopes of circumventing protocol. They could simply walk in with a few pizza boxes, and someone else could hold the door open for them, giving them access to the building.
There are many ways the skilled social engineer can use very simple strategies to extract data from you. I recommend reading “The Art of Deception” and other books on the subject by legendary hacker extraordinaire Kevin Mitnick.
In order to avoid being a victim of social engineering, be sure to thoroughly train employees on security protocols, enable two-factor authentication and make sure that you have installed the latest version of Jungle Disk’s network protection service.