Social Engineering: What It Is & How to Stop It

When most people think about how criminals carry out crimes, they mainly think about them forcefully breaking in or hacking into low-level security systems. However, it’s quite common for criminals to get access to sensitive data through a tactic known as social engineering.

Social Engineering Definition

Social engineering is defined as “the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems, or data.” In basic terms, the goal of social engineering is to manipulate an authorized person into giving up information or access to an unauthorized person. Your building could have the most advanced physical security barriers in place, but anytime there’s people, there’s a risk of social engineering.

Common Techniques

Social engineering can occur just about anywhere and can take on many forms. However, all of the techniques will share one common characteristic: the unauthorized person will trick the authorized person into giving them sensitive information or physical access. Here are a few common techniques so you can get a better idea of what social engineering entails:

  • In-person: Often times, the social engineer will pretend to be an employee who forgot their access card or they will trick a security guard into believing that they need entry in order to perform a hired service like maintenance, construction, or cleaning.
  • Over the phone: The most frequent phone tactic involves someone impersonating a police officer or an auditor from the IRS. They will then threaten you with arrest if you don’t release your personal or financial information.
  • Online: The most famous online example is the “Nigerian Prince” case. In this email attack, someone claiming to be a Nigerian prince was offering a portion of his fortune to whoever would let him use their bank account to store his money for safekeeping. Other examples of “phishing” attacks include someone pretending to be a reputable company needing your account information to keep providing their service.

Prevention Tips

Preventing social engineering starts with proper employee training. Training methods may include programs that spread awareness about what it is and common tactics. If your employees know what it is and how to spot signs, then they will be less likely to fall into traps and give out secure information. Additionally, you should implement extra security measures. For example, you could instruct the security teams to always check the IDs of every visitor or tell employees to double check the source of suspicious emails.

But even though training will help, it’s not a guaranteed barrier against social engineering. As mentioned earlier, a common way for unauthorized people to get access into buildings is by pretending that they’re an employee who has forgotten their access card. By saying this, they’re able to trick the guard or employee into letting them in since there’s no way for them to verify their identity. In order to prevent this from happening, you should consider using face recognition access control turnstiles from 2M.

These turnstiles are basically regular turnstiles that will only grant entry to authorized personnel, but it uses face recognition instead of access cards for an added layer of protection. With access cards, anyone can use someone else’s card or say that they’ve forgotten their card. Face recognition makes it impossible for you to pass on or lose your credentials because your face is the credential. This means that it won’t be possible for someone to trick a security guard or an oblivious employee into letting them in. Not only that, the doors of the turnstile close quickly to only allow one person to pass through at a time so no one will be able to enter through tailgating.

Humans are prone to error, that’s what makes us human after all. Social engineering attacks are inevitable, but using face recognition access control turnstiles can help to mitigate the risks.