You answer your doorbell and a uniformed delivery man with a clipboard stands there, looking confused. “Hey, uh, I’m looking for house number 6727, but I don’t see it. Can you point me in the right direction?”
“No, sorry, there is no 6727 on this street,” you say.
“Hmmm, well it says here that I need to pay a call to Martha Johnson. Is that a name you recognize? Any chance you know where I could find her?”
“Oh, Martha, yes, she’s my neighbor,” you say. “She’s actually at 6272. Try checking there. Hope it works out.”
An innocent conversation with a person who has legitimate business?
Or a social engineering ploy?
If you haven’t heard about social engineering, chances are, you will soon. This has long been a subject of training at places with higher security risks, like banks, the information technology industry, and other companies who hold sensitive information. However, it is trickling down to ordinary people who unwittingly give out information that seems perfectly legitimate.
Social Engineering is one facet of crime in which people contrive to get others to divulge vital information while seeming to be perfectly innocent and legitimate. For instance, a person gains access to an office by pretending to be making a service call to the copy machine when they’re really there to steal confidential information, or a woman dressed as a housekeeper gets in with the pretense of watering the plants, or a criminal makes a phone call and asks a series of innocent-sounding questions to get the person on the other end of the line to divulge names, passwords, or bank account details.
From there, armed with the stolen information, the crooks will go to the next step of their plot in order to carry out their agenda.
It’s amazing how a fast-talking person with the gift of gab can get people to give out information. In fact, hackers and information thieves often consider it much easier to talk to a person to get a password or other piece of vital information than it is to hack into the system to retrieve it.
In the scenario we described above with the person who rings your doorbell, we can think of at least a few possibilities of how you could be more at risk than you think over a simple conversation like that.
- The person is merely checking to see if you are home, and when they discover that you are, they come up with a legitimate-sounding pretext for what they were doing there. It’s a common technique of burglars to ring the doorbell first to see if anyone is home.
- The person is checking up on one of your neighbors with the intent to do something with the information they extract from you.
- The person is checking you out, perhaps to size you up, get a voice print or an image of you, and go from there to the next step of what they intend to carry out.
None of these scenarios are good. So how do you protect yourself? Here are some tips from our doorbell security company on things that you can do.
- Don’t give out any information, even public-knowledge information. The people engaged in social engineering will frequently use a technique called “Foot in the door” — they will start by asking for simple things and then go in for the kill once you have answered their generic questions. It’s a human tendency to be more likely to answer that “big” question once you’ve answered a couple of small things. Don’t do it. Simply say politely “I’m sorry, I’m not able to give you any information.” Repeat that phrase as many times as necessary if they ask follow-up questions.
- Install a doorbell video camera that you can manage from your smartphone. This accomplishes three things. First, it makes it look like you’re home, even if you’re not. Second, it makes it easier for you to withhold information. Third, it prevents the person at your door from having access to your physical presence. All three of these things are good for your protection.
We hope that you’ll never be the victim of an attempted social engineering attack, but if you are, we hope that these tips will help you to be safe and keep your neighbors or coworkers safe as well.