Though identity theft and impersonation is easy for someone trained in the art of social engineering (as the impersonation scenario above showed), there are ways to detect when this type of break-in is in progress. To counter this security risk, there are a number of red flags to look for when someone outside your organization is asking for information.
Be suspicious if someone calls your organization and requests that something be faxed or emailed back to him or her, but refuses to provide a direct callback number. This tactic works especially well for the social engineer when combined with pushing, rushing, yelling, and even screaming at a member of your staff for the information to be sent without delay.
Intimidation and name-dropping are two other red flags. Don't let your employees be intimidated into giving out information to an irate caller, or one who seems to know the structure of your organization. The social engineer could easily pick up the name of someone in senior management and then, stating that he or she is the manager's spouse, try to obtain additional information about the manager or other members of your organization.
Another red flag is the "odd" request. If a caller asks for information that seems strangesuch as what kind of operating system your network usesthat caller may be someone trying to understand the infrastructure of your network.
Finally, educate your employees on a regular basis about identity theft and impersonation. Hold annual education classes, notify targeted groups during attempts, coordinate responses when scams are identified, and above all, test your readiness and your employees' knowledge.