Social Engineering

"Social" Engineering

Social engineering is a term for tricking a person into revealing their password or other confidential information.

A classic social engineering trick is to send email claiming to be a system administrator. The email will claim to need your password for some important system administration work, and ask you to email it back. Often, the email will appear to be from a real system administrator, and be sent to everyone on a network, hoping that at least one or two users will fall for the trick.

You can also be scammed for your password via telephone. In fact, theft of credit card information or identity information via "dumpster diving" (or from a restaurant credit card receipt) are examples of social engineering that do not involve technology or the Internet.

Another common trick used by social engineers is sometimes called "shoulder surfing." This is when someone reads your login information, password, or other confidential information over your shoulder.

Wi-Fi users are particularly vulnerable to shoulder surfing. The best defense is to be alert and very careful if you think someone may be looking over your shoulder. If you think someone has read your password, you should change it (or get it changed) immediately. For example, if you think someone may have read your T-Mobile Hotspot password over your shoulder as you entered it in a crowded hotel lobby, you can use the T-Mobile personal preference page to change your password, or contact T-Mobile technical support right away by email or telephone.

If somebody is watching you when you type in your password, you should move away, or ask them not to look while you log in. It's not polite to read someone else's password, so you shouldn't worry about being impolite yourself when you ask someone not to read it.

tip

The best passwords are long (at least six characters and digits) and contain both letters and numbers. If a password is very easy to remember, it is probably not that strong a password.

Another form of social engineering is guessing your password. You should try to use passwords for logging on to Wi-Fi networks, and passwords in general, that are hard to guess. You should realize that people can find out things about you from public records, such as your date of birth, the names of your children, and so on. So publicly available information about you should not be used for passwords because it can be guessed fairly easily.

Social engineering is the biggest threat to computer security, Wi-Fi enabled and otherwise. The best defense is awareness of the problem, and alertness for possible security intrusions.