Social engineering techniques are various methods used by hackers to get access to people’s personal information. In most situations, such techniques are considered unethical because they allow social engineers to deceive computer users and take advantage of their trust, low awareness, and lack of suspiciousness. Overall, to collect information from the identified organization, it is essential to focus on its weaknesses, including health violations, an enormous turnover, and an extended area occupied by the company. Thus, the following methods can be used: bribery, impersonation, and conformity.
To begin with, it is necessary to explore how bribery can be effective when attacking the selected company. Overall, as noticed by Basta et al. (2014), when using this technique, “the hacker pits an employee’s greed against his or her loyalty to the organization” (p. 22). Bribery is more likely to work when a worker is unsatisfied with the firm. Since the identified organization has a massive turnover, it is possible to suggest that the level of employee satisfaction is quite low. Further, conformity can be effective for the same reason: the hacker can “use this sense of conformity to convince victims that they have a lot in common and that they share the same values” (Basta et al., 2014, p. 22). Consequently, since not many employees seem loyal, they can share secure information with the attacker.
Further, impersonation can also be rather efficient for getting access to private information. For instance, since the company has health violations, it is possible for a hacker to pretend to be a health inspector and request access to relevant data. Once this access is granted, the hacker can use the organization’s computers to get the secured information they need. What is more, since the company has many employees who often change, and the area it occupies is quite large, it is unlikely that all workers know each other. Consequently, it should be easy for the hacker to pretend to be an expert or an IT professional and intrude on the firm.
Reference
Basta, A., Basta, N., & Brown, W. (2014). Computer security and penetration testing (2nd ed.). Cengage Learning.