The term “social engineering” was coined by Kevin Mitnick, a hacker who spent many years in federal prison for nefarious activities, then became a highly sought-after computer expert, writing books and other journals (Mitnick, 2002, p. x). The basics of social engineering are simple – a criminal will use psychological and other low-tech techniques to get what he wants, and what he wants is to hack into the secure databases of companies to steal trade secrets to give to competitors, or other valuable and confidential information. Some of these techniques include “dumpster diving” to get information about a company that he wants to exploit; impersonating colleagues, management or IT professionals on the telephone to get information that he needs, such as passwords and passcodes; befriending employees; and getting a job at the corporation to get all the information he needs.
Social engineers are a huge threat to all corporations, because what they do seems so innocuous. They are also able to exploit very basic mistakes: employees do not always shred sensitive documents, and think nothing of throwing away calendars, employee handbooks, and corporate phone books, all of which are gold mines for social engineers looking for information to get their foot in the door of a large corporation. And they do a lot of damage. In one study, people using social engineering techniques were able to steal $1 billion of information in one day!
One of the new scams involves live “support” personnel (Claburn, 2010, p. 1). In this scam, an individual gets a pop-up or other advertisement stating that their computer has been infected with a virus, and that they need to purchase a certain program called Live PC Care to remedy this problem. If the individual is reluctant to buy the Live PC Care program, they can click on a box to talk with live personnel. What this