Pin Me

Social Engineering: How Not To Become a Victim

written by: Andy Malburg•edited by: Bill Bunter•updated: 11/2/2011

Have you ever felt uncomfortable with a question that you have been asked by a co-worker? Have you ever noticed that someone was walking around your desk looking at what you had? If so, they may have identified you as a possible victim of Social Engineering...

  • slide 1 of 1

    Social Engineering: What to Look for and How to Avoid Getting Fooled:

    One of the most major security issues that businesses have is the inability to train its employees on issues of security. My biggest pet peeve as an engineer for a multi-million dollar company is people who leave their workstations unlocked and their passwords exposed for the world to see in their cube/desk. Even you aren’t one of those individuals; there are still ways to get information out of you without you even knowing about it.

    I was passed this article and I was floored at all the different ways this guy was able to finagle and figure out information about his subject. The process of social engineering is, essentially, someone who tries to manipulate you into giving out confidential information about yourself, the company you work for, or anything that someone may want access to. In the next few minutes, I will discuss things you should watch out for to make sure that you are not a victim of social engineering.

    Work, for most of us is our home away from home. We spend as much time there as we do actually at home. The people we work with know as much about us as our family does. Due to this, we often share more information with people than we really should. My number one thing on social engineering is to be suspicious if someone is asking you questions that you really feel uncomfortable about answering. Do not give anyone any information that isn’t deemed absolutely necessary. The obvious ones are Social Security number, home address and telephone number, date of birth and so on. Scam artists look for such small things as birthdays, family member birthdays, colleges you attended, or the city you were born in. The person you work with needs to know that you are at work on time and accountable, not where you are coming from, how many kids you have, and so on.

    My number two thing to do to avoid becoming a victim is try to shred or properly dispose of every piece of paper, disk, voicemail that you feel should not be seen or heard by other people. Do not leave mail in your desk at work, either. This is a big time thing that a lot of people overlook. Scammers look for things like this to gain access to information about you. A part of this concern is try, if at all possible, to have your computer monitor turned away from the public walkway. Always be cognizant of people coming around your desk for no real apparent reason. Even if they are over there for a reason there is no reason for them to see your computer screen.

    My third and final way to avoid becoming a victim is to PLEASE, PLEASE, PLEASE make sure you train your people on how to avoid becoming a victim. This is the biggest overlooked factor. There are quite a few people who do not even know what social engineering is. It is a responsibility of a small business owner to protect the information of your business. If you train your employees, and your employees watch out for each other, your business will be better protected and you will not become a victim of Social Engineering.