What is Social Engineering? Understanding Digital Deception

A blog post by Cyber Search.

Introduction to Social Engineering

Social engineering is the art of manipulating people into giving up confidential information. The information these criminals seek varies, but when individuals are targeted, the criminals are usually trying to trick you into giving them your passwords or bank information, or into letting them access your computer so they can secretly install malicious software. That software gives them your passwords and bank information as well as control over your computer.

Common Tactics of Social Engineers

Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software. For example, it is much easier to fool someone into giving up their password than it is to crack that password (unless the password is really weak). An email from a friend or colleague asking you to check out an attachment or click on a link can be dangerous if it turns out the email was sent not by them but by a criminal. Once the attachment or link is opened, the criminal can take control of your machine or your accounts.

Protecting Yourself from Social Engineering Attacks

Protection is the key to combating social engineering. First, be skeptical of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company. Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of the person's authority to have the information. Second, if you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Lastly, install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.