Wikipedia defines social engineering, in the context of information security, as the “psychological manipulation of people into performing actions or divulging confidential information.” Our increasing reliance on vast networks of digital technology for information storage, research, controls, and transactions makes organizations highly vulnerable to social engineering fraud.

There is a strong urge to combat this risk with a technological fix like stronger encryption or better management controls. The problem is not a technical one because social engineering fraud is based on the exploitation of human interactions and human frailties.

… Continue reading

One of the more pervasive human risks in modern organizations is fraud through “social engineering.” Social engineering fraudsters gain access to your most valuable assets by using deceitful tactics to turn trusted employees or partners into unwitting and unwilling accomplices. This occurs at a typical loss rate of $25k to $100k per incident. This stealthy crime can be very hard to detect because the accomplice is unaware of being complicit, giving the perpetrator time to escape.

… Continue reading