Social engineering methods can take a number of different forms. Every method is intended to entice unsuspecting users into helping the attacker-whether it's by opening attachments that will unleash a virus or providing the attacker with sensitive information.
Social engineering attempts can include a virus inside a file that appears to be an official document or a "joke" e-mail with an attachment that claims to be a game but is in fact a malicious computer worm. These attempts can pop up anytime during a normal workday, in a seemingly unthreatening manner.
E-mail. E-mail can cause several types of security breaches. Viruses and inappropriate e-mails-which may open a company to legal liability-are two examples. The key to combating this threat is educating computer users and updating security programs.
Peer-to-peer/file sharing. The use of file-sharing applications is a practice that attackers often take advantage of. Many peer-to-peer (P2P) programs, which allow people to swap electronic files over the Internet today, contain spyware. Other dangers include the risk of downloading a file that appears to be harmless but contains a virus or worm.
Instant messaging (IM)/ Internet relay chat (IRC). Instant messaging systems also allow users to exchange unencrypted files with each other. Such file transfers can cause the spread of traditional viruses, worms and Trojan horses. The best protection against any threat spread through IM file transfers is to deploy up-to-date antivirus software on all client desktops, preferably with protection for IM applications.
Internet surfing. Non-work-related Internet surfing increases the chances that people wil l visit a Web site that contains malicious code that communicates directly with the user's machine, giving hackers access to data and, potentially, the network.
Passwords. A carefree attitude toward passwords is what social engineers are banking on. Weak passwords make it easier to break in to those networks and use your network for other illegal activity. Passwords should be created with care in order to safeguard the network.
Regular and constant training within a marketing group helps each member of the team to effectively safeguard the information integrity of the network. For individual computer users, the best protection remains common sense coupled with updated security software.
Laura García-Manrique is senior director of product management for the consumer products and solutions division at Symantec Corp. She can be reached at [email protected].