Social Engineering

Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

Social engineering attacks happen in one or more steps. A perpetrator first investigates the intended victim to gather necessary background information, such as potential points of entry and weak security protocols, needed to proceed with the attack. Then, the attacker moves to gain the victim’s trust and provide stimuli for subsequent actions that break security practices, such as revealing sensitive information or granting access to critical resources.

Most cybercriminals are master manipulators, but that doesn’t mean they’re all manipulators of technology — some cybercriminals favor the art of human manipulation.

In other words, they favor social engineering: exploiting human errors and behaviors to conduct a cyberattack. As a simple example, a cybercriminal might impersonate an IT professional and request your login information to patch up a security flaw on your device. If you provide the information, you’ve just handed a malicious individual the keys to your account, and they didn’t even have to go to the trouble of hacking your email or computer to do it.

As with most cyber threats, social engineering comes in many forms, and those forms are ever-evolving. Here, we give an overview of what social engineering looks like today, attack types to know, and red flags to watch for so you don’t become a victim.
