How did the perpetrator carry out the attack using social engineering?

Attackers use social engineering tactics to trick users into giving up secret information. Social engineering existed long before the computer or the Internet. However, by their very nature, computers and networks can facilitate an attacker in finding and stealing personal information. Technical security solutions alone cannot ensure complete protection of information from such social engineering attacks. Users have to be aware of and educated about ways to keep their information safe from “social engineers.”

To prepare for this Discussion, conduct some research through Internet or any other appropriate source to find a reported case where an attacker used social engineering to steal data, rather than directly attacking security measures. For example, if someone can convince a person to hold the door open, that is much easier than trying to hack the badge reader to gain building access.

For this Discussion, post a description of the scenario that you identified and cite the source. In your post, address the following questions: How did the perpetrator carry out the attack using social engineering? What measures might have prevented the attack? For the case you have chosen, recommend specific guidelines for users to protect against social engineering schemes.