Social engineering occurs when an attacker tries to gain access to equipment or a network by tricking people into providing the necessary access information. Often, the social engineer gains the confidence of an employee and convinces the employee to divulge username and password information.
A social engineer might pose as a technician to try to gain entry into a facility. When inside, the social engineer might look over shoulders to gather information, seek out papers on desks with passwords and phone extensions, or obtain a company directory with email addresses.
Here are some basic precautions to help protect against social engineering:
- Never give out your password.
- Always ask for the ID of unknown persons.
- Restrict access to visitors.
- Escort all visitors.
- Never post your password in your work area.
- Lock your computer when you leave your desk.
- Do not let anyone follow you through a door that requires an access card.