What is social engineering?
Social engineering is the use of deception to manipulate people into giving up private information that can be used for fraudulent activities.
Some examples of social engineering include phishing, pretexting, and tailgating.
Phishing is when malicious emails or messages are sent out to steal your information when you click on or respond to them. Phishing attacks can come in the form of a fake but authentic-looking bill sent to your email. If you click on a provided hyperlink (which often reads “Resolve my issue” or “Pay my bill”), you could be brought to a convincing imitation of a trusted website. If you then enter any credentials into the site, the hacker steals your information. We’ve actually written a guide on how to identify phishing attacks, and we encourage you to take three minutes to review it.
Pretexting uses a false identity or story to trick people into giving out their information. A pretext is inaccurate information that someone uses to mislead others or to conceal the true rationale behind an action. So, with a socially engineered pretexting attack, the scammer creates a fake but convincing account or scenario to try to pressure a victim into handing over what they want.
Tailgating is the process of gaining access to a restricted location without the proper authentication. It is done by walking closely behind or “piggybacking” off of a person who does have authorization or by otherwise tricking that person into allowing the scammer access. Tailgating could also be considered a form of shoulder surfing. Shoulder surfing is when a person hovers over your shoulder to steal any personal information. Examples include looking over a person’s shoulder at an ATM to see their PIN and watching someone fill out a form in a crowded area.
An Easy Slip-Up For Anyone
These attacks can prey on people’s inherent trust in others, their lack of awareness, or both. Even those who are more skeptical of others can become a victim of social engineering. After all, these attacks are meant to be convincing, and it doesn’t take much effort to become a victim. Clicking a link, holding a locked door open for someone, or not covering your PIN at the ATM—all of these actions take mere seconds, yet they are potentially dangerous.
Businesses need to be concerned about social engineering because it’s not just individuals that can be affected. Take a phishing attack, for example. If an employee opens a fraudulent email that ends up infecting their workstation with a virus, then the data on that device and possibly your whole network can be compromised. A successful phishing attack can also open the door to ransomware attacks, a growing threat in the world of COVID-19 (as Garmin discovered firsthand in July). An attack like this can result in millions of wasted dollars as well as a serious hit to your reputation.
To prevent this from happening, companies need to understand what social engineering is and how it can happen to them. Companies should also implement training for their employees and teach them how to protect themselves from becoming the next victim of an attack. And while a successful social engineering attack isn’t necessarily a victim’s fault, training does help prevent attacks from succeeding because employees no longer lack knowledge of the subject.