Cyberattacks and Beyond
AKA Social Engineering
In today’s security landscape, the attacks we see the most involve a human element rather than a virus sneaking around a computer unknown to its user, though those still happen quite often! We call this practice social engineering, which is where a “hacker” manipulates individual users to gain access to their devices, money, or even identity! Contrary to common notions of a “hacker,” social engineers are often personable and friendly, as they try to gain the trust of their victims. You may know them as con artists, and they have been around MUCH longer than hackers.
Generally speaking, there are 3 steps to a social engineering attack:
1. A social engineer finds information about a person or organization by looking online
- Name, social media accounts, relatives, interests, bank, etc.
- An organization’s weak points
2. Using this information, the social engineer works to build trust with a victim, usually by pretending to be someone they’re not
3. Leveraging this trust, they will manipulate the victim into granting them access to sensitive information or locations
Many social engineering attempts can be recognized by looking for a few key indicators, including:
Social engineering is an umbrella term for many different kinds of attacks — including phishing! For more information about different types of social engineering attacks, click the links below.