Social Engineering
This is a common form of cracking. It can be used both by outsiders and by people within an organization. Social engineering is a hacker term for tricking people into revealing their password or some form of security information.
Users should be made aware of various security issues, even those that are not common. A common example of social engineering is a hacker sending an e-mail to an employee, claiming to be an administrator who needs the employee's password to do some administrative work. A normal user who has not been taught about security might not know the difference between the actual administrator and the imposter, especially in a large organization. In another variation, someone claiming to be the administrator phones a user and asks for the user's password and logon credentials. The user unwittingly gives out the logon and password, and the imposter now has full access.
"Shoulder surfing" is also common among hackers and users who wish to learn someone's password. In this case, they hang around a user's desk, talking and waiting for the user to type in a password. Company employees with malicious intent could also do this. Users should be told not to type their passwords in front of others and, if they have done so and suspect that someone else now has the password, to change it immediately.
Another form of social engineering is guessing a user's password. When people can learn things about a user's personal and social life, they can use this against that user. For example, users might choose a daughter's or son's name or birth date, or a friend's name, as a password. Users also often use passwords that they can read on their desks or on posters in the work area. This gives the hacker a chance at guessing the password.
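One way to enforce the last point when a password is set is to reject candidates built from details the organization already knows about the user. The following is an added example, not part of the original page; the function name, the substitution map and the sample profile are assumptions made for illustration.

```python
import re
from datetime import date

# Undo common character substitutions before matching (small illustrative map).
_SUBSTITUTIONS = str.maketrans("013457@$!", "oieastasi")
# Digit layouts in which a birth date tends to be embedded in a password.
_DATE_FORMATS = ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y", "%y%m%d", "%Y")
_MIN_TOKEN = 3  # ignore very short words to limit false positives


def personal_info_findings(password, names, dates, visible_words=()):
    """Return the reasons a candidate password is guessable from personal context.

    names         -- family and friends' names known for the user
    dates         -- datetime.date values such as birth dates
    visible_words -- words readable at the desk or on posters in the work area
    """
    findings = []
    # Letters view: lowercase, substitutions undone, punctuation dropped.
    letters = re.sub(r"[^a-z0-9]", "", password.lower().translate(_SUBSTITUTIONS))
    # Digits view: every digit of the raw password, separators removed.
    digits = re.sub(r"\D", "", password)

    for word in list(names) + list(visible_words):
        token = re.sub(r"[^a-z]", "", word.lower())
        if len(token) >= _MIN_TOKEN and token in letters:
            findings.append(f"contains '{word}'")

    for d in dates:
        # One finding per date, whichever layout matched first.
        if any(d.strftime(fmt) in digits for fmt in _DATE_FORMATS):
            findings.append(f"contains date {d.isoformat()}")
    return findings


if __name__ == "__main__":
    # Constructed sample profile and candidates, for illustration only.
    names = ["Emily"]
    dates = [date(2011, 3, 14)]
    posters = ["Synergy"]
    for candidate in ("Em1ly2011!", "Synergy#Q3", "correct-horse-battery-staple"):
        reasons = personal_info_findings(candidate, names, dates, posters)
        print(candidate, "->", reasons or "no personal details found")
```

A check like this only covers details the organization has on record, so it supplements user awareness rather than replacing it.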