
Data Breaches and Social Engineering

Monday, 06 October 2025
Posted by: Ernest Roper

In recent years there have been many reports of high-profile data breaches, resulting in chaos for the organisations that fell victim to them. This drives home the point that there are people out there, working from remote locations behind a computer screen, who can pinpoint system and network weaknesses to find a backdoor in, and essentially hold organisations to ransom or use the access to cause irreparable reputational damage.

It is therefore no surprise that in this modern computer age, companies and governments invest heavily in systems and software to protect themselves from hi-tech breaches.

It is, however, also important not to lose sight of old-school methods for gaining access that do not involve computer hacking. In such instances, intruders primarily rely on social engineering and exploit poor physical security. These tactics exploit human psychology. Widely used methods include shoulder surfing, pretexting, tailgating, baiting and the infamous honey trap:

  • Shoulder surfing: With this low-tech method, a person physically looks over someone's shoulder to steal data. They may watch their target enter a PIN or type a password into a device. Binoculars or hidden cameras can be utilised for remote observation.
  • Pretexting: This involves creating a fabricated scenario to deceive a target into giving up information. A person may impersonate a trusted figure, such as an IT support person or a compliance official, to convince an individual to provide sensitive details. This can happen over the phone or in person.
  • Tailgating: An unauthorised person follows an authorised employee into a business, often by pretending to be a delivery person or a maintenance worker. Once inside, they can access valuable information via unattended devices.
  • Baiting: This tactic uses temptation to lure a victim. An attacker may leave a malware-infected USB drive lying around hoping a curious employee will plug it into a computer.
  • Honey Trap: This is when fake romantic relationships are used to manipulate people into breaching confidentiality, exploiting emotions rather than digital systems. Attackers gain unauthorised access through clever deception, luring victims into sharing sensitive data. This sophisticated social engineering tactic preys on human vulnerabilities, making it a potent threat.

Although the tactics listed above seem simple and obvious to avoid, it is often the simple and obvious that catches people off guard.

 

Ernest Roper | Membership Manager

 
