
THE education site for computer science and ICT

3. Social engineering

A well-designed network can make it almost impossible to directly attack the hardware of a system. But even the most secure network is made vulnerable when it is used by real live humans. People can make mistakes; they can be tricked, fooled, bribed, or threatened.

All of these threats to a network are labelled together as 'social attacks'.

It is difficult to generalise social attacks because there are so many ways an attacker can convince a user to compromise security, either willingly or unwillingly.

What social attacks all have in common, though, is that they target people rather than hardware or software.

Examples of social attacks include:

  • Bribing a user into allowing an attacker access to a system.
  • Putting a thumb drive full of malware somewhere a user might pick it up, and labelling it so that they would want to open it on their system, with something like "Salary Records" or "Staff redundancies".
  • Phoning a user at work and convincing them to break policy and hand over the information the attacker wants directly, such as patient information records.

There are hundreds of other ways social engineering could be used to threaten a network, and criminals are constantly coming up with new ones.

Read this news story: Malware-infected USB sticks posted to Australian homes

 


Challenge: see if you can find out one extra fact on this topic that we haven't already told you.

Click on this link: What is social engineering