What security exploit is this?

During a normal workday, you receive a call at your desk asking for information about a recently submitted help desk ticket. Two things are remarkable about this particular call; you notice that the call is coming from an outside line, and you don’t have any recent help desk tickets. What security exploit should you be concerned about?

A) Phishing

B) Spyware

C) Social Engineering

D) Baiting

The answer: C) Social Engineering

If someone is trying to communicate directly with you to obtain restricted information, there’s reason to be concerned. As modern day technological con men, social engineers are very good at getting information from you while your guard is down.

The incorrect answers:

A) Phishing
Phishing is the gathering of sensitive information through a fraudulent emails or web pages. A phishing page will look exactly like your bank’s login page, but your user credentials are sent to the bad guys instead of your financial institution.

B) Spyware
Spyware runs on a your local computer an gathers information about your surfing habits, keystrokes, and gathers other information that the bad guys can use to exploit your computer or personal information.

D) Baiting
Baiting is a technique that plants a piece of media (CD-ROM, memory stick) in an area where it can be found. The media usually contains a Trojan Horse or other malicious software that can open your system for attack, install keyboard loggers, or other bad, bad things.

Want to know more? Watch “Security Preventive Maintenance.” The security of an organization is ultimately only as good as its people and its processes. In this video, we’ll discuss the importance of patching systems and training the user community. We’ll also learn about social engineering and discover ways to address social engineering situations.