Engenharia social nas redes sociais online: um estudo de caso sobre a exposição de informações pessoais e a necessidade de estratégias de segurança da informação

摘要

The development of social networking sites (SNS) has created a phenomenon known as "hyper mobility esthetics of netizens" that increases of the exhibition of personal information on the Web, it is natural that raises the risks associated with such, especially relative to the application of social engineering techniques. Social engineering is a term that defines some practices used to get access toudinformation, through the breaking systems confidentiality, organizations or individuals, using surveys, cheating or exploiting the trust of people. Faced this scenario, how measure the private information of a particular individual are exposed on the Web? To answer this question, this study aimed to analyze the degree of exposure of information is accessible on the Web. To this end, this research was conducted as a case study with quantitative and qualitative approach, focusing on survey personal and professional information, using consultations to sites and open access Websites. It was used the non-probabilistic sampling and elaborates a metric scale for rating the degree of exposure. We observed that 70% of the samples have a high exposure indicator and 20% extremely high. No individuals surveyed had zero degree of exposure. From this study was possible to demonstrate the facility in searching and gathering information in the online environment. This information is sufficient to subsidize a social engineering attacks. The results obtained allow us to create hypotheses that can be worked on a research of a probabilistic sample and highlight the need to adapt procedures for information security management and implementation of information security policies in the organizational environment.