Social Engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery aimed at information gathering or computer system access, and in most (but not all) cases the attacker never comes face-to-face with the victim.
Listed below are some common methods of social engineering:
Phone Calls: Someone pretends to be in a position of authority and asks for sensitive information. If you cannot verify the identity of the person asking for your personal information, you should be very cautious about the transaction.
Voice Mails: Someone may leave a message from an "official" agency asking you to call a number or go to a particular web site. Never provide personal information unless you initiated the contact and have confirmed the business's or person's identity.
Mail: Bogus mail solicitations (e.g., sweepstakes) ask for private information that could be used to steal your identity. Be skeptical of offers that seem "too good to be true". They usually are.
E-mail: E-mails can be sent by a fraudster. Such phony e-mails are disguised as legitimate and often include company logos that look real. Do not provide sensitive data to anyone via e-mail.
Physical Presence: Someone pretends to be part of the organization and gains access to restricted areas. Ask for ID, and know who you are letting access your computer for repair.
Free Goodies: Free computer hardware or software can contain viruses or key-logging software. For example, a free USB thumb drive could contain a Trojan that, when run, collects passwords, logins and machine-specific information from the user's computer and then e-mails the information back to the fraudster. Know who you are getting your software and hardware from.
IS YOUR PORTABLE DEVICE SECURE?
Portable devices include Blackberry communication devices, PDAs such as the Palm and iPAQ, and cell phones. Blackberries pose a significant threat if they are not properly secured. The most common failing is the lack of a password on the Blackberry. A simple test to check whether a Blackberry has a password is to shut it off and turn it back on; if it does not prompt you for a password, the device can be easily compromised. Blackberries are often carried in a jacket pocket, and the jacket may be hung on a door where someone can steal the device from the pocket.
PDAs and some cell phones also contain sensitive data. The new Palm Treo combines a cell phone with a PDA and is very similar to a Blackberry. Many people use their personal PDAs or Pocket PC cell phones, such as the Treo, for business purposes. When they leave the company, this corporate data may go with them. Memory expansion in the PDA also greatly increases its storage capacity, so large amounts of confidential data could end up in the hands of a disgruntled terminated employee. Hence, the use of personal PDAs, cell phones and similar devices for business purposes should be limited and monitored.
Source: http://www.canaudit.com/Perspectives/Volume7-Issue1.pdf