Tricks of the social engineering trade


Social engineering is a growing threat to network security, and it is a difficult one to tackle because it comes in so many forms. Lenny Zeltser, the head of Savvis' security consulting group, outlines four social engineering techniques that outsiders might use to gain access to your network, in an article by CSO's Joan Goodchild.

The first technique involves the use of alternative communication channels, such as voicemail or windshield flyers, to lure victims to phony websites and get them to hand over confidential data. This can be an effective tactic because people tend to trust phone calls and the printed word more than they trust email.

A second technique targets victims by using messages that appear personally relevant or familiar. Victims can be tricked into downloading malware, for example, if false news headlines that appear pertinent are dangled before them.

Two other techniques take advantage of the typical user's tendency to go along with what everyone else is doing or with what has become a matter of routine. Scam artists use popular social networking sites or file-sharing sites to distribute malware, figuring that users have their guard down in these environments. In a similar tactic, false security updates have lured victims into downloading malware.

For more:
- read Joan Goodchild's article at CSO
