Security threats explained: Social engineering

Social engineering, according to Quest Software, can be defined as the technique of using deception and manipulation to gain sufficient knowledge to dupe an unwary individual, employee or company.

For example, one scam involved telemarketers calling people, telling them they had a virus and asking for permission to run a Windows program called Event Viewer in order to fix so-called bugs in the operating system. Other callers claimed they could remove the virus for a fee and asked for people's credit card details.

In this series, Computerworld Australia examines some of the information security threats facing small businesses and larger enterprises today. Having covered other threats, we continue the series by speaking to experts about the problem of social engineering.

Scammers have called people posing as a member of their company's IT department and named the person's boss in order to gain their trust, according to Sophos Asia Pacific director Rob Forsyth.

"So if the 'IT department' rang and said that Pete [not his real name] has told them your computer was having a problem and they had been asked to fix it, would you do their bidding?" he asks. "Social engineering is the major tool used by criminals to build trust and undermine security."