The prank call made by the hosts of Sydney-based radio station 2Day FM to the King Edward VII Hospital in London – where the Duchess of Cambridge Kate Middleton has been admitted – highlights the dangers posed by social engineering attacks.While the phone call in which the hosts pretended to be Queen Elizabeth II and Prince Charles might have amused people from all over the world, experts from security firm Sophos highlight the fact that there’s an important lesson to be learned from this incident.
Social engineering is the type of attack in which scammers trick their victims into handing over sensitive information without realizing that their actions might have serious consequences.
As Sophos’ Paul Ducklin highlights, social engineers don’t need a lot of information to achieve their goals.
“They might get a name out of the HR department, but no more. Then a phone number from a helpful colleague, an address from the helpdesk, followed by information about the victim's whereabouts from Facebook or an out-of-office email,” Ducklin explained.
“And that might be enough to trick another organisation or department - the victim's bank, for example, or their IT department - into a more egregious blunder such as transferring money illegally, or resetting a password fraudulently.”
In order to minimize the risks posed by social engineering, experts advise organizations to educate their staff members to refuse to hand out information over the phone. In the end, if the caller insists on getting the information, employees should simply hang up the phone.
Furthermore, every company should have an internal hotline for reporting scam attempts. This way, timely alerts can be issued in case the firm is targeted.