Social engineering is the art of gaining access to buildings, systems or data by exploiting human psychology.
Social engineering is all about information. The cyber-criminal wants to gather as much information about the target as is possible. Some of the techniques that they use attempt to manipulate a computer user either from within the organization or from without.
The main social engineering techniques consist of the following:
1. Shoulder Surfing
2. Role Playing
4. Reverse Social Engineering
5. Dumpster Diving
6. Trojan Horses
7. Surfing Online Content
8. Electronic Surveillance
I will visit some of the areas listed above with a focus on how to build a case and arrest the cyber-criminal. Don’t worry that your state does not have laws specific to cyber-crime. Cyber-crimes committed using social engineering tools, tactics and techniques can be covered under general criminal law statutes. In order to begin building a case, law enforcement and security officers must be able to identify social engineering activities from non-criminal behavior.
The next blog in this series is a social engineering story to show some of the activities that we learn to recognize as criminal behavior. The blog following this story will begin identifying cyber-criminal behavior originating at a corporation’s dumpster.
If you have the desire to help wipe out cyber-crime the next step is to get your education!…..The NCI through Excelsior College offers programs and courses.