The Social Engineering Framework

The Social Engineering Framework is a searchable information resource for people wishing to learn more about the psychological, physical and historical aspects of social engineering. Please use the index below to find a topic that interests you.

Framework Sections

Section Articles

Disgruntled Employees

There are many reasons why employees may become disgruntled in the workplace. The core reasons are typically broken down to the employee being overworked, underpaid, unappreciated, or passed up for a promotion. Once an employee has become disgruntled, they often enter into an adversarial relationship with their employer. This can often be a one sided situation, as the employee will typically try to hide their level of displeasure to not put their employment at risk.

Increase Coworker’s Displeasure

A common situation for disgruntled employees is for attempts to be made to decrease other employees satisfaction levels. This is done often times without direct intent by the disgruntled employee, as the disgruntled employee is seeking justification for their displeasure through social reinforcement.

Common Methods

  • Spreading rumors
  • Extreme focus on negative items
  • Overall productivity decreasing behaviors

 

Theft

The risk of theft increases with disgruntled employees as they often feel as if they are owed more than they are receiving. In an attempt to correct this perceived discrepancy, theft of various items is very common. Targeted items can range from simple office supplies, to computer hardware, to company intellectual property. Social engineering methods are at times utilized to explain away or cover the disappearance of company assets.

Morgan Stanley

This news story from consumeraffairs.com tells us about how one employee used his knowledge of the company to access proprietary data while working at a competitor.

Statistics

This article found on massachusettsnoncompetelaw.com states that a staggering 60% of employees interviewed admitted to stealing data of one sort or another when leaving a job. Some of the other statistics mentioned are:

“Most common (61%) is old-fashioned theft of paper documents or hard files, followed by downloading information onto a disc (53%), onto a USB memory stick (42%), and sending documents as attachments to personal emails (38%). Interestingly, comparatively few employees ]were taking information by stealing BlackBerrys and laptops. Another quite alarming finding is that approximately 25% of the employees indicated that they were able to access data on a company’s network even after they had departed.”

Another statistic from employeetheftsolutions.com states that 75% of employees steal from their companies and lists the top 10 most important things to employees, showing what they may be disgruntled about.

The U.S. Chamber of Commerce estimates that 75 percent of all employees steal at least once, and that half of these steal repeatedly. The Chamber also reports that one of every three business failures is the direct result of employee theft. According to the U.S. Department of Commerce, employee dishonesty costs American business in excess of $50 billion annually

Leakage of Company Secrets

In many cases, company secrets, include intellectual property but also information such as organizational charts and company events may often be shared with outsiders by disgruntled employees. As disgruntled employees often share their displeasure with others outside the company, information that is being shared often includes sensitive information. The disgruntled employee does not realize this in some instances, and in others this is an intentional effort to “strike back” and the employer.

Use of Social Networks

Disgruntled employees are more likely to share negative company information through the use of social networks, such as LinkedIn or Facebook, then typical employees. Normal employees do not want to be perceived as working at a location that is not high quality, as this will reflect on them. This gives companies a degree of protection from negative information leaking out.

This situation is revered for many disgruntled employees, as they are often eager to share negative information with others. This can be driven to the level of the disgruntled employee positioning neutral to positive news as negative when it is shared through the use of social networks. This creates a long term image problem for the employer.

Protection

In this article found on TechRepublic outlines the steps to protect against a social engineering attack from an internal source. Basically what it boils down to is EDUCATION. The more you educate your employees and staff on what to look for the less likely you are to be caught by a social engineering attack.