Social engineering is the act of tricking someone into divulging information or taking action to gain access to confidential information.
The idea behind social engineering is to take advantage of a potential victim’s natural tendencies and emotional reactions.
To access a computer network, the typical hacker might look for a software vulnerability. However, a social engineer could pose as a technical support person to trick an employee into divulging their login credentials. The fraudster is hoping to appeal to the employee’s desire to help a colleague and, perhaps, act first and think later.
This is nothing new; it was identified by world-famous hacker turned good guy Kevin Mitnick over twenty years ago.
Social Engineering Examples
Criminals will often take some time to prepare an attack by collecting intelligence about their proposed target. Their preparation might include obtaining a company phone list or organization chart. It will also involve researching information about employees on popular social networking sites such as, but not only, LinkedIn, Facebook and Twitter.
On the phone
A social engineer might call and pretend to be a fellow employee or a trusted outside authority (such as law enforcement or an auditor).
In the office
“Can you hold the door for me? I don’t have my key/access card on me.” How often have you heard that in your building? While the person asking may not seem suspicious, social engineers use this common tactic.
Social networking sites have made social engineering attacks easier to conduct. Today’s attackers can go to websites like LinkedIn, find all of the users who work at a company, and gather plenty of detailed information that can be used in an attack.
Social engineers also take advantage of breaking news events, holidays, pop culture, and other devices to lure victims.
Scammers often use fake charities around bank holidays to exploit goodwill and test the awareness of an intended victim.
There are many different means of social engineering exploitation, as techniques change every day.
The most critical point, though, is to appreciate that the risks are real and to make sure you are alert and your knowledge is up to date.
Less well-informed victims often fall prey to simple attacks that are obvious to more knowledgeable folk.
All of us will have read or heard about scams and social engineering in press and media reports. The key for all of us is to be informed, be trained and stay alert.
Social Engineering Tips:
“Think before you click” in your email.
“Do I know who is on the phone before giving any information?”
“Don’t post details that you are on holiday on your social platforms – you might as well tell a burglar you are not at home.”