Social engineering is the use of deception to manipulate people into divulging confidential or personal information that may be used for fraudulent purposes. What does this mean? It means that social engineering attacks are not technical attacks; they are people attacks. Cyber thieves are looking to exploit people and their behaviors to take advantage of their position and access. Instead of looking for a vulnerability in a firewall or a password, the cyber thief will try to mislead someone into giving them the information they need.
All too often, companies try to apply a technical solution to this non-technical challenge. While there may be technical solutions to help protect you, at the end of the day it comes down to your people, the decisions they make, and the actions they take (or fail to take). That said, it is important to understand the nature and types of social engineering attacks in order to develop a security strategy that keeps you and your data safe.
Cyber thieves try to use our emotions of FEAR, GREED, CURIOSITY, HELPFULNESS, and URGENCY to attack you and your data. They play on these emotions with their sophisticated attacks. In the list below, you will find five common social engineering attacks. Each of these attacks can be used to target any of these five emotions.
Common Social Engineering Attacks:
- Baiting (quid pro quo): an online and physical social engineering attack that promises the victim a reward.
- Tailgating: relies on human trust to give the criminal physical access to a secure building or area.
- Phishing: tactics include deceptive emails, websites, and text messages to steal information.
- Pretexting: uses a false identity to trick victims into giving up information.
- Vishing: urgent voicemails convince victims they need to act quickly to protect themselves from arrest or other risk.
Looking forward, we will explore each of these five social engineering attacks in detail. I will provide you with examples of each attack method and how you can protect yourself from becoming a victim of a cyber thief.