Infosec Home at The University of West Georgia

Log On

Social Engineering

 Social engineering is the manipulation of people within an organization or company to release confidential information in order to gain access to areas, computer systems or information with the intent to commit fraud, network intrusion, industrial espionage, identity theft, or to bring major disruption to the system or network.

A social engineer is essentially a ‘con’ person, who uses a form of psychological interaction to trick humans somehow to break security protocol. Common methods of social engineering are to pose as someone who needs to gain access to a system to fix an urgent problem, or the use of intimidation/authority, or even eavesdropping or offering something attractive in exchange for information. They rely on the fact that sometimes people are careless about protecting valuable information and they will go as far as dumpster diving, shoulder surfing for access codes (looking over someone’s shoulder while that person punches in a secure code and memorize it), or looking for passwords taped to a computer. They also prey on people’s tendency to use passwords that can be easily guessed.

Security experts everywhere have concluded that as our culture becomes more dependent on information technology, social engineering will always be the biggest threat. No matter how much money is spent to create a secure network, it will be people who remain the weakest link. It is important to educate everybody about the value of information and how to protect it.

UWG’s Information Technology Services will make an effort to increase its employee's and student’s awareness of how social engineers operate. Here are some tips for you to consider: