Social Engineering 101: Don’t Get Caught!

What is Social Engineering?  

The term social engineering refers to methods employed by hackers to gain the trust of an end user so that the hacker can obtain information that can be used to access data or systems. Social engineering typically involves impersonating employees of legitimate businesses to manipulate people into supplying information such as passwords or personal details. 

Social engineering can involve phone calls, emails or texts. Sometimes referred to as “human hackers,” social engineers employ a variety of methods to convince users to divulge information, often masquerading as tech support or bank employees. 


How Does Social Engineering Work? 

Hackers develop different tactics to support their social engineering pursuits. Most social engineering attacks follow this path: 

Research the target. The purpose of social engineering is to convince a user that you represent a trusted institution. Social engineers will often attempt to develop a rapport by offering easily obtainable details, such as birthdate or phone number, as evidence of their legitimacy. Much of this information is publicly available, and social engineers typically scout social media to gather this type of vulnerable data. 

Make contact with the target. The attacker makes contact directly with the target. Social engineers use the information they’ve gathered to validate their fake identity. The target is then asked to provide sensitive information the hacker can exploit. 

Attack. Using the details they have covertly obtained, social engineers launch their attack. This could involve accessing systems using acquired passwords, performing a classic case of stolen identity or putting the information to use for personal or political gain.


Types of Social Engineering

Social engineering is a general term that refers to a broad range of manipulation tactics used by hackers to acquire information.

Baiting: Baiting is a social engineering attack where the attacker entices the user with a free item to lure them into clicking on a link. This may come in the form of a free music or movie download lined up with the user’s interests. When the unsuspecting user clicks the link, they become infected with malware. 8

Phishing: Phishing is a type of social engineering attack that uses email, phone or text to entice a user to click on a malicious link. The communication appears to be from a legitimate source connected to the user. When the user selects the ill-intentioned link, the user’s device or system becomes infected with malware and data is often compromised.

Pretexting: This tactic is one more commonly associated with the term social engineering. With pretexting, an individual impersonates a representative from a trusted business with the goal of acquiring sensitive information. This social engineering technique relies heavily on gathering research before initiating contact with the target.

Quid Pro Quo: The quid pro quo attack is a variation of baiting. Often known as the “something for something” social engineering technique, the quid pro quo attack involves promising a service or benefit for complying with the request of an attacker. For example, a social engineer may promise a free software upgrade to entice a user to download what is actually malware to their system.

Reverse Social Engineering: In this kind of social engineering scheme, the attacker convinces a target that they have a problem or issue and then positions themselves with a solution. The target then initiates contact with the social engineer believing that they are able to solve their problem.

Tailgating: This social engineering tactic is a physical attack. With tailgating, a hacker gains access to restricted areas of a building by following an approved employee into the building and piggybacking on their credentials. In these cases, the social engineer often pretends to be an employee or even a delivery person. Whaling and Spear Phishing: These attacks are a variation of phishing and, because they target a specific individual, they require a significant amount of research. In whaling attacks, these individuals are high-profile people, often executives or the C-suite.

How to Prevent and Protect Against Social Engineering 

The best form of prevention against social engineering attacks is end-user training. Teaching your employees how to recognise social engineering tactics and avoid them is of the utmost importance. 

Here are some points to help support your training efforts. 

1. Research any suspicious calls, emails or texts. 

2. Open attachments only from trusted sources. 

3. Immediately delete any emails or texts asking for passwords or personally identifiable information (PII), such as social security numbers or financial information. 

4. Don’t open any emails promising prizes or notification of winnings. 

5. Download software only from approved sources. 

6. Be wary of urgent requests or solicitations for help. 

7. Make sure you have spam filters and antivirus software on your device. 

When in doubt, contact Dynamic Edge to confirm any technology-related requests. 

Have you fone a compliance manager health check? Click here to find out more

Similar articles you might like

What is Azure Virtual Desktop (AVD)?

What is Azure Virtual Desktop (AVD)?

Azure Virtual desktop takes hybrid working to a whole new level by accessing your ‘desktop’ from anywhere on any device. With your computer running from the cloud, it removes the risk of hardware failure, reduces the need to upgrade hardware regularly and removes the...

read more
Hotdesking – The office trend of 2022

Hotdesking – The office trend of 2022

Somehow it is nearly the end of October. I doubt it’ll be at all long until Christmas adverts start to appear. Anyway, 2022 is soon to be upon us (somehow), and here’s hoping it’ll be a year that brings even more normality to our day to day lives. One thing that is...

read more
What’s been happening in DE?

What’s been happening in DE?

North Coat 500 Back in September, Stephen Laurie, Stuart Winterburn, Gordon McRae and David Lappin started their 5-day challenge of cycling the North Coast 500 to raise money for The Archie Foundation. Their journey began in Inverness with checkpoints in Shieldaig,...

read more