Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices to gain unauthorized access to systems, networks or physical locations or for financial gain.
Social engineering defined
Cybercriminals who conduct social engineering attacks are called social engineers, and they’re usually operating with two goals in mind: to wreak havoc and/or obtain valuables like important information or money.
How do social engineering attacks work?
A social engineering attacker fabricates a pretext that is familiar to targets, and then preys on their cognitive biases to lull them into a false sense of security and trust. In short, the attacker assumes an alter ego that targets are expected to trust inherently.
What are two types of social engineering attacks?
Social engineering attack techniques
- Baiting. As its name implies, baiting attacks use a false promise to pique a victim’s greed or curiosity.
- Scareware. Scareware involves victims being bombarded with false alarms and fictitious threats.
- Pretexting.
- Phishing.
- Spear phishing.
Three Types of Social Engineering Attacks to Know
- 1) ONLINE AND PHONE. Phishing scams and smishing (fake SMS/text messages) trick users online and over the phone into giving up sensitive information or money.
- 2) HUMAN INTERACTION.
- 3) PASSIVE ATTACKS.
- YOUR BEST DEFENSE.
Social engineers target your emotions and relationships to gain access to valuable information and your network. These can be one-off attacks, or social engineers may take the time to build relationships with their victims, which makes them even more dangerous. Social engineering often takes less time than automated software.
What are the steps of a social engineering attack?
Social engineering attacks happen in one or more steps. A perpetrator first investigates the intended victim to gather necessary background information, such as potential points of entry and weak security protocols, needed to proceed with the attack.
How is social engineering used to trick people?
Social engineers often use spear phishing tactics to trick employees. Spear phishing is a highly targeted form of phishing. Instead of sending a phishing email to one hundred recipients, the attacker sends spear phishing emails to one person or a very small group of people.
Pretexting is usually paired with spear phishing as the attention-getter. It’s a tactic that builds a compelling context or pretext around the social engineering scenario. An email from your “boss” is a common pretext scenario.