The User Level: Social Engineering
Social engineering is the practice of receiving information you are not authorized to have through means of deception and exploitation. Social engineering is when someone tricks another person into giving them information under false pretenses.
There are several methods of attack:
- In person
Here are a few ways to protect yourself again social engineering:
- Verify the identity of a person requesting confidential information. Verification with a photo ID is best.
- Verify that the URL is correct and secure.
- Verify that the person is who they say they are and are employed by who they claim.
- Verify that the person has permission to do what they have stated they are going to do.
- Verify everything!
- And, unfortunately, be suspicious of anything and everything out of the ordinary.