One of the most popular targets for social engineers is an organization’s customer care representative that provide information and support to external customers because they tend to be easily accessible to an attacker. This can also take place in a social sphere where the attacker presents itself as a vulnerable person in need of help. On the process vital information could be divulged from the target that will be helpful in carrying out the attack. While companies typically attempt to train these employees to guard confidential information and access to the company’s systems by providing detailed conversation scripts, social engineers have found that these employees are easy to manipulate. As a follow up to Part One of this series, hackers carry out a thorough recon on any of their targets before exploit.
.........A clouded mind is quite easy to be socially engineered.Customer care representatives spend every day continually helping a never-ending line of customers and psychological research has shown that it is incredibly difficult in this situation to question the validity of every interaction. Instead the employee will try every means possible to resolve whatever issue the customer is facing even if it deviates from policy put in place to prevent social engineering.
For example a social engineer could take advantage of this by feigning a poor ability to communicate in English using igbo in hopes that a call center employee will circumvent the policy in place to better assist the troubled “customer”. If successful, the social engineer may be able to bypass security questions put in place to verify the caller’s identity.
The first step in preventing attacks such as this, is to reduce the workload of customer care representatives by getting more people to do the job - a clouded mind is quite easy to be socially engineered.The next step is providing quarterly training and bulletins on social engineering attacks to keep employees abreast with modern techniques employed by hackers.
Kindly leave a comment below and don't forget to share!
No comments:
Post a Comment