'Social engineering': Espionage against our domain

  • By Airmen 1st Class Jacob Bell and Michael Crotts
  • 633rd Communications Squadron

As members of the Department of Defense, we must always consider the impact our network and infrastructure have on our mission and how we protect these assets. They are under constant attack, whether by hackers, by people digging through trash attempting to find valuable information or through "social engineering," where the main vulnerability is the "human factor."

One example of social engineering is a phishing attack, where attackers use fraudulent e-mails and phone calls to get your personal information. The attackers will pretend to be a legitimate organization or create an illegitimate organization in order to trick you into surrendering the information they are after. Always stop and think before you click; one click of the mouse could give away your personal information, your computer's information and any of your organization's information, which would be a huge loss to the mission if compromised.

Another form of social engineering is "tailgating," where attackers exploit courteousness. You could pass a new face in your work center who just happens to have his or her hands full in front of the classified door that you are getting ready to walk through, and you hold the door for that person. If the person is not authorized, our assets could be destroyed.

Have you ever felt like someone was watching you? "Shoulder surfing" might make you think twice about looking over your shoulder. Someone could walk by at the exact moment you enter your password; the attacker waits for you to begin to log on to your system and casually walks by. They could even go as far as to set up a camera to monitor the different passwords you use, allowing full access to assets.

It is up to all of us to protect our domain; you must take it upon yourself to learn more about these forms of attack. While these are only a few examples of social engineering, there are even more conniving ways attackers can gain access to your assets and personal information. Take the first step and become a part of the change to stop social engineering. It's your choice to either become a hero of the domain or an accomplice to an attacker's intentions.