Cyberattacks and Beyond


AKA Social Engineering

In today’s security landscape, the attacks we see most often involve a human element rather than a virus sneaking around a computer without its user’s knowledge, though those still happen quite often! We call this practice social engineering: a “hacker” manipulates individual users to gain access to their devices, money, or even identity! Contrary to common notions of a “hacker,” social engineers are often personable and friendly, as they try to gain the trust of their victims. You may know them as con artists, and they have been around MUCH longer than hackers.

Generally speaking, there are 3 steps to a social engineering attack:

1. A social engineer finds information about a person or organization by looking online

  • Name, social media accounts, relatives, interests, bank, etc.
  • An organization’s weak points

2. Using this information, the social engineer works to build trust with a victim, usually by pretending to be someone they’re not

3. Leveraging this trust, they will manipulate the victim into granting them access to sensitive information or locations

Many social engineering attempts can be recognized by looking for a few key indicators, including:

  • Urgent requests
  • Strange messages from friends/family
  • Too-good-to-be-true offers
  • Random offers of help
  • Heightened emotions
  • Any situation where a sender cannot verify their identity
  • Website and/or logo irregularities
  • Spelling and/or grammar errors

Social engineering is an umbrella term for many different kinds of attacks — including phishing! For more information about different types of social engineering attacks, click the links below.

Additional Resources