Security Experts Warn of Upsurge In 'Social Engineering' Scams
By Ian Bush
PHILADELPHIA (CBS) -- An ever-present computer crime that targets employees at every level of a business has corporate information technology experts concerned.
Sometimes referred to as "pretexting," it's designed to be much more inconspicuous than, say, a scam e-mail from a Nigerian prince. And it's often aimed at office workers in big companies.
"They'll get phone calls purporting to come from their IT department," explains Rob D'Ovidio, an associate professor of criminal justice at Drexel University.
He says that because a call or e-mail purportedly from a fellow worker inspires trust, the employee's guard is down.
"So we're more likely to give them some sort of personal information, or information about our own computing environment -- our password, our user name."
He's also seen social engineering attacks in the form of surveys sent to CEOs, asking unassuming questions such as, "What's your pet's name?" or, "What high school did you attend?"
The whole objective, warns D'Ovidio, is to gather personal information that might lead to someone else guessing the target's passwords, making it easier for hackers to gain access to a company's network than by getting past a firewall.
If you get such a phone call, D'Ovidio says, get the person's name and number, then ring your IT department on the number in the company directory to verify that the call is legit.
And whether it's a call or e-mail, your own computer people should never ask you for your password or ask you to click a link or open files that purport to fight a PC virus infection.
