14th February 2011
Social engineering is the method by which information about an organisation or its operation is obtained by devious means. It is used to great effect to defeat the security systems set up by many companies certificated to ISO27001, the information security management standard.
At this time of year we often act on behalf of our clients to see if their systems are as secure as they believe they are; we use computer penetration testing and social engineering to defeat our clients' systems and then help them to plug the holes.
One method used is very simple but effective. We arrange for a young, pretty girl, clutching a bunch of flowers, a bottle of Champagne or a teddy bear to arrive at reception of any large company on 14 February; she explains to reception/security that she wants to surprise Mr (pick a common name) on this auspicious day, as it is the only day in the year when a girl can propose to a man. She thinks he works on the 4th floor. The helpful receptionist/security guard corrects her and tells her that he works on the 2nd floor; “once you leave the lift turn right and his office is 4th on the right”.
She is in, and has the freedom of the building; if challenged she can explain that she is lost and is looking for Mr …. on the 2nd floor. Staff, eager to help, take her through secure access points and give her information about the company.
This information adds to that already gathered from other sources and can lead to a significant security breach.
The motto here is to trust no one and insist that even pretty young girls bearing gifts must follow secure access procedures.