Читать книгу Cybersecurity For Dummies - Joseph Steinberg - Страница 118

In the context of information security, social engineering refers to the psychological manipulation of human beings into performing actions that they otherwise would not perform and which are usually detrimental to their interests.

Examples of social engineering include

 Calling someone on the telephone and tricking that person into believing that the caller is a member of the IT department and requesting that the person reset their email password

 Sending phishing emails (see Chapter 2)

 Sending CEO fraud emails (see Chapter 2)

While the criminals launching social engineering attacks may be malicious in intent, the actual parties that create the vulnerability or inflict the damage typically do so without any intent to harm the target. In the first example, the user who resets their password believes that they are doing so to help the IT department repair email problems, not that they are allowing hackers into the mail system. Likewise, someone who falls prey to a phishing or CEO fraud scam is obviously not seeking to help the hacker who is attacking them.

Other forms of human error that undermine cybersecurity include people accidentally deleting information, accidentally misconfiguring systems, inadvertently infecting a computer with malware, mistakenly disabling security technologies, and other innocent errors that enable criminals to commit all sorts of mischievous acts.

The bottom line is never to underestimate both the inevitability of, and power of, human mistakes — including your own. You will make mistakes, and so will I — everyone does. So on important matters, always double-check to make sure that everything is the way it should be. It is better to check many times when there was, in fact, no social engineering attack, than to fail to check the one time that there was such an attack.