Page 167 - CISSO_Prep_ Guide
Appealing for Help
Appealing for help plays on the emotions and the natural desire
of many people to help a person who is struggling with
a problem. An attacker calls a help desk claiming to have trouble
accessing certain data that they desperately need for a report for
management, and asks for help working out why they cannot get
it to work. The help desk falls for the story and grants them access
or else provides the information the attacker wanted.
Technical
Many attacks today are based on phishing, the so-called
419 scams, phone-based scams, and other technology-based
methods. Originally many of these came via fax messages or calls
purporting to be from an official and demanding information. Today,
they often threaten that online banking access will be cut off, or
claim that fraud has been seen on a person's account and require that
person to provide personal information to prevent that fraud.
The Cure for Social Engineering
There is no cure for social engineering except to repeat, over
and over again, that social engineering attacks and email claims
of lottery winnings or fraud alerts are all false and must be
disregarded. It is similar to dealing with childhood
disease through vaccination: give people an information session
that explains what social engineering is, how to react to a social
engineering attack, and what the consequences are for being
misled or not following proper procedures. But even with
vaccination, it is important in many cases to have a repeat dose a
few years later.