In my research on the Dutch banking system, it became clear that the banks are seriously worried about social engineering. These techniques, such as phishing and identity theft, have become increasingly common. No reason for concern, right? Surely, a system upgrade, some stronger passwords, or new forms of encryption and all will be well again. Wrong! When it comes to social engineering, trust in technology is deadly. The solution, in fact, cannot be technological; it must to be social.
The term social engineering has been around for decades, but in the last couple of years, it has been popularized by famous social engineer Kevin Mitnick. In the book Social Engineering: The Art of Human Hacking by another famous social engineer, Christopher Hadnagy, social engineering is defined as “the act of manipulating a person to take an action that may or may not be in the ‘target’s’ best interest.” This may include obtaining information, gaining computer system access, or getting the target to take certain action. Kevin Mitnick pointed out that instead of hacking into a computer system it is easier to “hack the human.” While cracking the code is nearly impossible, tricking someone into giving it to you is often relatively easy. more...