Internet marketing resources, ecommerce web site design tutorials and  just for fun - free cell phone ringtones!
  Taming the Beast - quality web marketing and ecommerce development services

Watch Out For Social Engineering

Posted by Michael Bloch in online world (Wednesday March 28, 2012 )

Do you work in a or consult for a company where new staff members seem to join the team every day? In these situations, it can be hard to keep track of who is who, so it’s particularly important to be vigilant against social engineering ploys.

Social engineering is just a fancy term for an outsider manipulating employees in a company to divulge proprietary information or to take an action not in the interests of the company.

Social engineering attempts don’t have to be anything dramatic or terribly clever to work. All the person needs to know is a little about your company.

Here’s a very simple example; where “Bill” is the CEO of the company.

“Hi Michael,

I’ve just started with the company and the IT department hasn’t issued me an email address yet. Bill has told me to grab a list of all our leads from you – all I need is the first names and email address details. Can you send to me in csv format?

Thanks buddy, I hope to be more formally introduced to you soon.



The informal style and use of names of people within the company can easily catch some off guard – and in some industries where a lead is worth $50 a pop or even more, it doesn’t take too many names on a list to be accidentally giving away tens of thousands of dollars in company property.

Equally as frightening is the possible legal ramifications of divulging confidential information to unauthorized parties, plus the potential damage to a company’s brand – and to the customers whose details are revealed.

As a general rule, if I’m consulting for a company and I’m approached for information from someone I’m not familiar with who may even have a company email address, I either ignore the request or consult with someone I know at the company as to the details of the request and the person requesting it. I also tend to be wary of requests from people I am familiar with whose message isn’t consistent with the person’s usual style of writing.

An ounce of prevention, while perhaps delaying the processing of requests, is certainly better than a pound of cure in a business scenario.


Comments for Watch Out For Social Engineering

No comments yet.

Sorry, the comment form is closed at this time.