IT Baseline Protection Manual T 5.42 Social engineering
Social engineering is a method of eliciting ("sounding out") information that is not generally accessible. Perpetrators often pose as insiders by using pertinent keywords during conversations and thereby obtain information that is useful for other purposes.
"Sounding" can be performed by telephone, with perpetrators posing as:
- A secretary whose superior urgently needs to complete a task but has forgotten the correct password
- An administrator who is calling because of a system error and needs to know the user password to eliminate this error
- A telephone technician who needs to know certain details, e.g. the subscriber number a modem is configured for and the settings of this modem
- An external person wanting to speak to Mr. X, who is not on the premises. The information that Mr. X will be away for three days also implies that Mr. X's account will remain unused and unobserved during this period.
If queries are subsequently raised, the inquisitive caller claims to be "just an assistant" or "somebody important".