What is Social Engineering?

Data Security Knowledge Base

Defining and Avoiding Common Social Engineering Threats


Social engineering is a non-technical strategy cyber attackers use that relies heavily on human interaction and often involves tricking people into breaking standard security practices. The success of social engineering techniques depends on attackers’ ability to manipulate victims into performing certain actions or providing confidential information. Today, social engineering is recognized as one of the greatest security threats facing organizations. Social engineering differs from traditional hacking in the sense that social engineering attacks can be non-technical and don’t necessarily involve the compromise or exploitation of software or systems. When successful, many social engineering attacks enable attackers to gain legitimate, authorized access to confidential information.

The Why and How of Social Engineering


Social engineers are a modern-day form of fraudster or con artist. They may attempt to access computer networks or data stores by gaining the confidence of authorized users or by stealing those users’ credentials in order to masquerade as trusted insiders. It is common for social engineers to rely on the natural helpfulness of people or to attempt to exploit their perceived personality weaknesses. For example, they may call with a feigned urgent problem that requires immediate network access. Social engineers have been known to appeal to vanity, authority, or greed, and to draw on other information gleaned from eavesdropping or online sleuthing, often via social media.

Cyber criminals use social engineering tactics in order to convince people to open email attachments infected with malware, persuade unsuspecting individuals to divulge sensitive information, or even scare people into installing and running malware.

Types of Social Engineering Attacks


Your organization should take steps toward educating employees on the common types of social engineering attacks, including baiting, phishing, pretexting, quid pro quo, spear phishing, and tailgating. While there are technological solutions that help mitigate social engineering (such as email filters, firewalls, and network or data monitoring tools), having an employee base that is able to recognize and avoid common social engineering tactics is ultimately the best defense against these schemes. Here is a breakdown of common social engineering techniques:

Baiting

Attackers conduct baiting attacks when they leave a malware-infected device, such as a USB flash drive or CD, in a place where someone likely will find it. The success of a baiting attack hinges on the notion that the person who finds the device will load it into their computer and unknowingly install the malware. Once installed, the malware allows the attacker to advance into the victim’s system.
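One of the "network or data monitoring tools" mentioned above can be as simple as watching endpoint logs for removable media that nobody issued. The script below is an added example, not code from the original page or its publisher: it parses constructed Linux kernel log lines (syslog format, the way a plugged-in USB stick appears in `/var/log/kern.log`) and flags any USB mass-storage device whose vendor/product ID is not on a company allowlist. The allowlist contents, hostnames, and IDs are assumptions for the demonstration.

```python
import re
from dataclasses import dataclass

# Constructed sample of kernel log lines: a USB flash drive on port 1-3,
# followed by an unrelated keyboard on port 1-4. Values are made up for the
# example and are not taken from any real incident.
SAMPLE_LOG = """\
Mar 12 09:14:02 ws-17 kernel: usb 1-3: new high-speed USB device number 7 using xhci_hcd
Mar 12 09:14:02 ws-17 kernel: usb 1-3: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Mar 12 09:14:02 ws-17 kernel: usb 1-3: Product: Generic Flash Disk
Mar 12 09:14:02 ws-17 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
Mar 12 09:14:03 ws-17 kernel: sd 6:0:0:0: [sdb] Attached SCSI removable disk
Mar 12 09:20:45 ws-17 kernel: usb 1-4: new low-speed USB device number 8 using xhci_hcd
Mar 12 09:20:45 ws-17 kernel: usb 1-4: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
Mar 12 09:20:45 ws-17 kernel: input: USB Keyboard as /devices/pci0000:00/usb1/1-4/input/input12
"""

# Syslog prefix: timestamp and host, followed by the kernel tag.
HEADER = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel:")
# Enumeration line carrying the vendor/product IDs for a USB port.
NEW_DEVICE = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
# The usb-storage driver claiming an interface on that port.
MASS_STORAGE = re.compile(r"usb-storage (?P<port>[\d.-]+):[\d.]+: USB Mass Storage device detected")


@dataclass
class UsbDevice:
    host: str
    port: str
    first_seen: str
    vid: str = ""
    pid: str = ""
    mass_storage: bool = False


def parse_usb_events(log_text: str) -> list[UsbDevice]:
    """Correlate kernel log lines into one record per (host, USB port)."""
    devices: dict[tuple[str, str], UsbDevice] = {}
    for line in log_text.splitlines():
        hdr = HEADER.match(line)
        if not hdr:
            continue  # not a kernel line; ignore
        host, ts = hdr["host"], hdr["ts"]
        nd = NEW_DEVICE.search(line)
        if nd:
            devices[(host, nd["port"])] = UsbDevice(host, nd["port"], ts, nd["vid"], nd["pid"])
            continue
        ms = MASS_STORAGE.search(line)
        if ms and (host, ms["port"]) in devices:
            devices[(host, ms["port"])].mass_storage = True
    return list(devices.values())


def find_unapproved_storage(log_text: str, allowlist: set[tuple[str, str]]) -> list[UsbDevice]:
    """Return mass-storage devices whose (vid, pid) is not company-issued."""
    return [
        d for d in parse_usb_events(log_text)
        if d.mass_storage and (d.vid, d.pid) not in allowlist
    ]


if __name__ == "__main__":
    # Hypothetical allowlist of IT-issued drives; empty means "nothing approved".
    issued_drives: set[tuple[str, str]] = set()
    for dev in find_unapproved_storage(SAMPLE_LOG, issued_drives):
        print(f"ALERT {dev.host} {dev.first_seen}: unapproved USB storage "
              f"{dev.vid}:{dev.pid} on port {dev.port}")
```

Keyboards and other non-storage devices are parsed but never alerted on, so the signal stays focused on the baiting scenario: removable storage that appeared without being issued. In practice the alert would be forwarded to the SIEM and, ideally, paired with a mount policy that blocks unapproved devices rather than only reporting them.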


Social engineering is a serious and ongoing threat for many organizations and individual consumers who fall victim to these cons. Social engineering awareness is the first step in preventing your organization from falling victim to savvy attackers employing increasingly sophisticated social engineering methods to gain access to sensitive data.
