What you should know about Social Engineering

The term social engineering is familiar to many of us and occasionally makes the headlines of IT news and reports. However, the threat it poses and its high penetration rate against organizations are hardly recognized by the public.

Social engineering takes advantage of human curiosity. It uses intriguing mail titles related to the latest news, events, gossip, special deals, etc., in messages formatted as normal mail, to seduce recipients into clicking links or downloading attachments. Once these mails or attachments are opened, personal information and the organization's important messages leak out to the internet without the recipient noticing.

How can this happen? For example, some HTML files have a malicious URL hidden within them. When the file extension is then changed to .doc so that the file passes as a Word document, recipients open the attachment without knowing that a connection has automatically been made to download trojans.

Another kind of social engineering mail embeds a picture download link. Once the recipients agree to download the pictures, the phishing mail downloads not only the pictures but also a malicious URL, which downloads the trojans at the same time.
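Both tricks described above can be checked for on the receiving side. The following is an added example, not Cellopoint code: it flags an attachment named .doc whose bytes are really HTML and lists the URLs it would contact, and it flags remote picture links in an HTML body. The function names, the sample message and the example.invalid hosts are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # first bytes of a genuine legacy .doc
SRC_RE = re.compile(rb"""(?:href|src)\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)
IMG_RE = re.compile(rb"""<img[^>]+src\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)

def looks_like_html(data: bytes) -> bool:
    head = data[:512].lstrip().lower()
    return head.startswith((b"<!doctype html", b"<html")) or b"<body" in head

def inspect_message(raw: bytes) -> list:
    """Return one finding per MIME part that matches either trick."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        # Trick 1: file name says Word, content is HTML carrying URLs.
        if name.lower().endswith(".doc") and not data.startswith(OLE2_MAGIC) and looks_like_html(data):
            urls = [u.decode("ascii", "replace") for u in SRC_RE.findall(data)]
            findings.append({"part": name, "issue": "html-disguised-as-doc", "urls": urls})
        # Trick 2: HTML body that pulls pictures from a remote host.
        elif part.get_content_type() == "text/html":
            urls = [u.decode("ascii", "replace") for u in IMG_RE.findall(data)]
            if urls:
                findings.append({"part": "body", "issue": "remote-image", "urls": urls})
    return findings

def build_sample() -> bytes:
    """Constructed test message; hosts are placeholders under example.invalid."""
    m = EmailMessage()
    m["From"] = "deals@shop.example.invalid"
    m["Subject"] = "Special Deal of IPAD 2"
    m.set_content('<p>Hi</p><img src="http://img.example.invalid/banner.png">', subtype="html")
    m.add_attachment(b'<html><body><iframe src="http://dl.example.invalid/x"></iframe></body></html>',
                     maintype="application", subtype="msword", filename="offer.doc")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in inspect_message(build_sample()):
        print(finding)
```

A mail gateway or a drill report can use findings like these to quarantine the message or to show users what the attachment really was.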

So the next time an unknown sender sends you a mail with an intriguing title such as "Special Deal of IPAD 2" or "the ten hottest apps on iphone", don't open or download the mail so soon, and look carefully at the sender address. Remember, "curiosity kills the cat" best describes how social engineering mail works.

[About Cellopoint Social Engineering Drill]

Cellopoint provides social engineering drill practices at all levels and with all kinds of content. It uses different categories and subjects of social engineering mail to test an organization's users and combines the drills with social engineering education and training, which enhances the security awareness of users and strengthens the risk management of organizations.