Cyberattacks and Beyond

AKA Social Engineering

In today’s security landscape, the attacks we see most often involve a human element rather than a virus sneaking around a computer unknown to its user, though those still happen quite often! We call this practice social engineering: a “hacker” manipulates individual users to gain access to their devices, money, or even identity! Contrary to common notions of a “hacker,” social engineers are often personable and friendly, as they try to gain the trust of their victims. You may know them as con artists, and they have been around MUCH longer than hackers.

Generally speaking, there are 3 steps to a social engineering attack:

1. A social engineer finds information about a person or organization by looking online

  • Name, social media accounts, relatives, interests, bank, etc.
  • An organization’s weak points

2. Using this information, the social engineer works to build trust with a victim, usually by pretending to be someone they’re not

3. Leveraging this trust, they will manipulate the victim into granting them access to sensitive information or locations

Many social engineering attempts can be recognized by looking for a few key indicators, including:

  • Urgent requests
  • Strange messages from friends/family
  • Too-good-to-be-true offers
  • Random offers of help
  • Heightened emotions
  • Any situation where a sender cannot verify their identity
  • Website and/or logo irregularities
  • Spelling and/or grammar errors

Social engineering is an umbrella term for many different kinds of attacks — including phishing! For more information about different types of social engineering attacks, click the links below: