In part one of this series on Social Engineering, it was discussed how cyber criminals have shifted their focus away from pure technological attacks to attacking employees through the use of social engineering, a collection of techniques used to manipulate people into performing actions or divulging confidential information. The article also reviewed recent court rulings to illustrate that computer fraud and funds transfer insuring agreements in traditional crime policies may not provide coverage in the event of a social engineering claim.

In the second part of this series, examples of schemes employed by social engineers and how to design and implement comprehensive security practices to mitigate the risk of a loss are identified.