This research paper is primarily based on information gathered from secondary sources explaining what the term “social engineering” means, how it is perpetrated, and the impact it has on individuals and corporations. It will also discuss ethical issues and the actions that individuals and corporations, respectively, can take to mitigate and minimize the risk of social engineering attacks.

Social engineering, in the context of information technology, is defined as “gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others” (Gary B. Shelly, 2010). The methods adopted are similar to those used by con artists, where individuals are tricked into divulging confidential information. Social engineers mislead their victims into providing confidential and critical information that can enable them to perpetrate fraud. Social security numbers, user names, passwords, credit card details, bank account numbers and organizational charts are prime examples of target information that is used by fraudsters to commit a crime or, in some cases, sold to other criminals. Individuals using social engineering techniques, or social engineers as they are commonly called, are essentially hackers. The only distinction is that hackers use technical methods, such as installing spyware on targets' computers or networks, to secure information, whereas social engineers use a combination of technical, social and psychological skills to carry out their attacks. The article Social Engineering Fundamentals: Hackers Tactics (Granger, 2001) shows that attacks can be carried out in both physical and psychological forms and can involve physical intrusion into the workplace, attacks over the phone and the collection of trash (a.k.a. dumpster diving). Items found, such as documents and outdated or broken hardware components, may contain crucial information which can be used to carry out...