Social engineering, also called human hacking, is the use of social skills or psychological manipulation by an attacker to deceive people into divulging confidential corporate data or personal information, which is then typically used for fraudulent purposes.
Scams and impersonation attacks are two of the most common types of social engineering. They come in many forms but share common characteristics.
- A scam is a deceptive scheme or trick used to cheat someone out of something.
- Impersonation is the act of pretending to be someone else, with intent to mislead or deceive.
Social engineering can come in many forms, including, but not limited to:
- Emails
- Malicious websites
- Social media interactions
- Improperly discarded documents
- Phone calls
- Texts
- Job postings
Common characteristics of social engineering include, but are not limited to:
- Approached from a position of authority
- Request for something of value
- Sense of urgency
- An offer that seems too good to be true
- Request to keep communication secret
- Content or a subject that generates curiosity
Guarding Against Social Engineering
- Be cautious about sharing personal information about yourself, especially on social media and when interacting with people you don’t know well.
- Recognize the signs of phishing. Avoid clicking on links in emails and text messages and always be cautious when opening email attachments, even if you recognize the sender.
- Where available, set up and use multi-factor authentication (MFA) as an added layer of security.
Be Aware of Social Engineering to Prevent Your Data from Disappearing!