The Use of Social Engineering as a Means of Violating Computer Systems

'Social Engineering' is a threat, often overlooked but regularly exploited; to take advantage of what has long been considered the 'weakest link' in the security chain of an organization -- the 'human factor'. The following real-life story is a classic illustration of this:

“In 1994, a French hacker named Anthony Zboralski called the FBI office in Washington, pretending to be an FBI representative working at the U.S. embassy in Paris. He persuaded the person at the other end of the phone to explain how to connect to the FBI's phone conferencing system. Then he ran up a $250,000 phone bill in seven months.”
--- Bruce Schneier. “Secret and Lies”.

As a security professional in today’s ever-changing world, it is important to be familiar with Social Engineering techniques and the counter-measures available to reduce the likelihood of success. By having this knowledge, one can ensure appropriate (preventative, detective and corrective) measures are implemented to protect the staff and assets of an organization.