What is social engineering? Social engineering is a technique used by attackers to gain sensitive information by deceiving privileged users into revealing information that compromises data security. People will often refer to social engineering as ‘people hacking’. Humans have a trusting nature to them which attackers maliciously use to their advantage. While traditional hacking aims to compromise the security settings of IT systems and applications, social engineering attacks attempt to exploit the users of these technologies.

Social Engineering Relies On:

Peoples Trust

Peoples Willingness to Help Others

Carelessness about Protecting Sensitive Information

Why Attackers Use Social Engineering

Attackers use social engineering techniques because it is usually the cheapest and easiest way to obtain information. The defenses that we have setup to protect us from malware and viruses will not protect us from a social engineering attack. Skilled social engineers will often perform their attacks slowly over time as to not raise suspicion. Once they gather bits and pieces of the organization they will be able to put the puzzle together and exploit the business. Attackers also use social engineering techniques because they are less complex than hacking technologies controls such as firewall/AV. It is important to test your business against social engineering attacks to prevent any breaches. Companies, such as GraVoc, help test, train and prepare businesses for different types of social engineering attacks.

Different Types of Social Engineering

There are many different social engineering techniques that hackers will use to trick their victims. Some of these techniques include phishing attacks, physical breach, pretext calling and pretext mailing. Social engineers can claim to be employees, vendors or support personnel to try and trick workers. Sometimes social engineers even act as a confident manager or executive to try and gain sensitive information. Skilled social engineers are extremely good at adapting to their audience. Below are some of the different types of social engineering techniques that are used by attackers.

what-is-social-engineering-2Phishing Emails

Phishing emails are usually the most successful form of social engineering. This is where hackers will send out fake emails to their victims in hopes of gaining sensitive information. Phishing emails can also contain malicious links that lead to malware infections.

what-is-social-engineeringPhysical Breaches

This type of social engineering technique is where the attacker dresses up to fool an individual. Attackers can impersonate a cable provider such as Verizon or Comcast to try and trick the individual to giving them access to secure locations.

what-is-social-engineering-1Pretext Calling

Pretext Calling is when an attacker makes up a scenario to obtain the information that they need. Pretext Calling often requires trust to be formed between the attacker and the victim.

Tips to Avoid Social Engineering Attacks

One of the best tips to avoiding social engineers attacks is to stay alert and prepared. If you run a business, it is important to treat security awareness and training as an investment.  Being prepared means that everyone follows safe security measures in the event of an attack. Creating a strong security policy is recommended to ensure the safety of your data. Along with being prepared, below are a few simple tips to help keep you safe from social engineering attacks. If your business or organization is looking for social engineering testing, check out GraVoc’s Risk Management & Compliance Services. 

 

  • Be cautious when sharing personal information on social media platforms
  • Never open an email that looks suspicious
  • Never let a stranger connect to your wireless network
  • Don’t give strangers personal information until you can fully trust them and verify where they are calling from
  • Review security policies to stay up-to-date with the latest social engineering techniques
  • Use paper shredder to properly dispose of your printed material

Related articles

 

IRS Issues Warning Against Unusual Phishing Scheme

The Internal Revenue Service is warning taxpayers of an unusual phishing scheme that is going around this tax season. Using stolen data obtained by tax professionals, criminals are filing fraudulent tax returns and depositing them into actual taxpayers’ bank accounts.

read more

Pin It on Pinterest

Share This