‘social engineering’, which typically involves impersonating
employees of an organisation to access security details. One example of this, given in
Mitnick and Simon (2002), is when the attacker contacts a new employee and advises them of
the need to comply with security policies. The attacker then asks the user for their password
to check it is in line with the policy of choosing a difficult-to-guess password. Once the user
reveals their password, the caller makes recommendations to construct future passwords in
such a way that the attacker will be able to guess them.