Social Engineering: Threats and Countermeasures

I’ve worked on many projects over the years where we’ve attempted to gain access to a network and the data on it using social engineering techniques. One of the more common tactics used involves calling end-users and impersonating IT staff and other, usually non-existent, companies. The % of username and passwords given away by staff always astonishes me, typically we have a 75% plus success rate. This carries across private and non-private companies, medium to large organizations and works equally well against high-end business managers who are likely to have remote access. When this is combined with scanning for publicly accessible services, it can prove a highly effective way to gain remote access to a system or network.

RELATED ARTICLESMORE FROM AUTHOR

Maintainer Confidential: Challenges and Opportunities One Year On

Bridging Design and Runtime Gaps: AsyncAPI in Event-Driven Architecture

Implementing OpenTelemetry Natively in an Event Broker

Innovation as a Catalyst in Telecommunications

Linux 6.8 Brings More Sound Hardware Support For Intel & AMD, Including The Steam Deck

RELATED ARTICLES MORE FROM AUTHOR