
Protection against social engineering.

Updated 21.08.2025 07:54


Website: https://legascom.ru

Email: online@legascom.ru

 


Protecting against attacks that rely on social engineering is harder than protecting against technical attacks. The main threat here comes not from poorly protected hardware or a misconfigured application, but from the people who work with these systems. The information that an attacker can obtain through social engineering must be limited, within reason.

For example, in the case of phone calls, the secretary must always ask who is calling and about what matter. This will cut off some of the attempts to collect information, although, of course, more advanced attackers can easily bypass such "face control".

As for job advertisements posted on a corporate website, it is better to specify several different technologies and equipment models as requirements in order to make it more difficult for a hacker to collect information.

The interview example, of course, is not the most common way to collect information, since most hackers work remotely and would rather use port scanners and packet generators than communicate directly with representatives of the organization they are attacking. However, do not forget about this method of collecting information.

In addition, not everyone has the acting skills needed to get through an interview convincingly and obtain the necessary information.

It is better to conduct interviews with applicants in meeting rooms. And to test an applicant's professional skills, it is worth taking the time to come up with several "tasks" that are not related to the company's current network architecture.

In general, the best solution to the problems described earlier is to carefully consider what information an attacker can obtain and what he can do with it later. For example, during a technical interview, ask the applicant questions, but try to avoid answering his questions about the existing network infrastructure. You might say, for instance, that you have several hundred workstations, without giving a more precise figure.

Just don't forget that a dialogue is a conversation between several people, and that you can not only receive information but also give it away, sometimes without noticing it yourself.