Social engineering is a scheme using social techniques to attempt to gain information or access. An attacker may claim to be someone authorized to access the system such as a help desk technician, vendor or contractor and attempt to get the victim to reveal his user ID or passwords, or even request the set up of a new account for the attacker himself. An attacker may also call the organisation's help desk impersonating an authorized user to gain information about the system (e.g. requesting the help desk to change the original system password to one designated by the attacker).
No comments:
Post a Comment