Last updated on August 27, 2020
Social engineering is the act of manipulating someone into divulging information or taking a specific action that benefits the bad actor.
The common theme that connects social engineering techniques is human nature. Bad actors know how to take advantage of and manipulate human emotions to achieve their goals.
Examples of Social Engineering:
- Phishing: Tactics involve deceptive emails, text messages, and the use of websites.
- Spear Phishing: Emails that target specific individuals, organizations or businesses.
- Baiting: A social engineering attack that promises its victims a reward.
  - Example: A bad actor may leave a USB stick loaded with malware in a place where the target will see it. This can include clever techniques to entice the target, such as labeling the USB in a way that may compel the target to take it and plug it into a computer. A good example of this would be a USB labeled “Bonuses”, “Confidential”, or “Lay Offs”. Many users would be tempted to view the contents of that USB, falling right into the hands of the attacker.
- Tailgating: This happens when someone without the proper authentication follows an authenticated employee into a restricted area. Some examples of what this looks like are:
  - The bad actor may impersonate a delivery driver and wait outside an entrance to follow an employee into the building.
  - This could also come in the form of impersonating an employee while carrying something that appears heavy. Many people will want to help and hold the door open.
- Pre-texting: This creates a false narrative to obtain information or influence the victim's behavior.
  - It’s common to see this in the form of impersonating executives or some other authority figure, like the Information Technology department.
Successful social engineering attacks happen when our trusting nature is exploited, whether it's holding a door open for someone who appears to be struggling with heavy boxes, or wanting to assist an emotional customer on the phone who is struggling to access their bank account to pay their bills. All of these scenarios are something a bad actor could and will try to use to their advantage to achieve their goals.
Remember, trust but verify.