Effects of Digital Convergence on Social Engineering Attack Channels

Bogdan Hoanca (University of Alaska Anchorage, USA)
Social engineering refers to the practice of manipulating people to divulge confidential information that can then be used to compromise an information system. In many cases, people, not technology, form the weakest link in the security of an information system. This chapter discusses the problem of social engineering and then examines new social engineering threats that arise as voice, data, and video networks converge. In particular, converged networks give the social engineer multiple channels of attack to influence a user and compromise a system. On the other hand, these networks also support new tools that can help combat social engineering. However, no tool can substitute for educational efforts that make users aware of the problem of social engineering and policies that must be followed to prevent social engineering from occurring.
Social engineering includes any type of attack that exploits the vulnerabilities of human nature. A recent example is the threat of social engineers taking advantage of doors propped open by smokers, in areas where smoking is banned indoors (Jaques, 2007). Social engineers understand human psychology (sometimes only instinctively) sufficiently well to determine what reactions they need to provoke in a potential victim to elicit the information they need. In a recent survey of black hat hackers (hackers inclined to commit computer crimes), social engineering ranked as the third most widely used technique (Wilson, 2007). The survey results indicate that 63% of hackers use social engineering, while 67% use sniffers, 64% use SQL injection, and 53% use cross-site scripting.

