Social engineering, in the context of information security, is the art of manipulating people so they give up confidential information. This is a type of confidence trick for the purpose of vital information gathering. It is a term that describes a non-technical attack that relies on human interaction and tricking people to break normal security procedures.
Criminals have been using social engineering tactics because it is comparatively easier that other attacks. It is one of the most successful attacks, because its victims innately want to trust other people and are naturally helpful. The victims of social engineering are tricked into releasing information that they do not realize will be used to attack a computer network. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Often, an attack is not specifically about your account but about using the access to your information to launch a larger attack. And while having someone gain access to your personal email might not seem like much more than an inconvenience and threat to your privacy, think of the implications of an attacker gaining access to your social security number or your medical records or launch an attack on your company’s network.
To avoid becoming a victim of a social engineering attack:
The most important thing you can do to prevent being socially engineered yourself is to always be as vigilant as you can and being aware of common tricks puts you one step ahead of the game.
- Be suspicious of unsolicited contacted from individuals seeking internal organizational data or personal information.
- Do not provide information about your organization.
- Pay attention to website URLs that use a variation in spelling or a different domain (e.g., .com vs. .net).
- Verify a request’s authenticity by contacting the company directly.
- Install and maintain anti-virus software, firewalls, and email filters.
- Do not provide personal information or passwords over email or on the phone.
Just to give you an idea of how easy it is to accidentally give out your password, watch this video:
If you found this blog useful, please share with others:
Abu Sadeq
Abu Sadeq is currently the Founder and CEO at Zartech where his mission is to empower organizations to obtain greater cybersecurity maturity. Abu is a certified Chief Information Security Officer (C|CISO) and has a Master of Science degree in Management Information Systems from the University of Texas at Dallas. He has diverse industry experience in Aerospace & Defense, Chemical, Telecom, Healthcare, Oil & Gas, and Consumer Goods. Abu has extensive experience in creating strategies and plans that define IT/Security operational excellence. Abu is also the creator of Cyberator® a sophisticated cybersecurity, governance, risk, and compliance solution.