Everything there is to know about Social Engineering (FAQ’s)

Social engineering is a threat to all businesses and organisations, no matter how large or small. With one in three data breaches involving social engineering, it is vital for your business to understand what social engineering is and the tactics used by criminals.

What is social engineering?

Social engineering is a technique that exploits human error, leading many to refer to it as human hacking. The end goal of criminals using this method is to attain private information, valuables, or access to systems. Its online form may be leveraged to spread malware, expose sensitive data, or gain network access.

Rather than deploying a brute force approach, the attacker will usually persuade the victim into compromising themselves through a strategy of deceit or impersonation.

Types of social engineering

Phishing is the most prevalent form of social engineering, with the attacker impersonating a real person, system, or company, via phishing emails, websites, web ads, or chat. Baiting attacks entice users to reveal their login information, maybe by offering a free download in exchange. The download itself can include malicious software.

A social engineering attack that follows the principles of tailgating is to ask to borrow an online device, such as a laptop, with the attacker then installing malicious software. Pretexting is another form of social engineering to be aware of and builds trust ahead of phishing attacks by impersonating a co-worker or authoritative figure to add legitimacy to any request for data or login credentials.

Examples of social engineering

Social engineering attacks all have one thing in common; they focus on exploiting human emotion. Fear is a common example and might include informing the victim that they are under investigation for tax fraud or owe tax.

Other human emotions that are preyed upon include helpfulness, curiosity, and urgency. Common approaches include asking for information to ensure the individual gets paid on time, using stories that are in the news, and setting a short deadline to take action or respond.

Is social engineering illegal, and what is the penalty?

Social engineering is illegal and is a form of fraud. There are severe legal penalties for people who are convicted, including fines and jail terms.

What is the most common method of social engineering?

Phishing attacks are the most common method of social engineering and can take place through social media, emails, SMS, or instant messaging. Messages may appear genuine and include copied content, images, logos, and styles from trusted sources.

Any of these messaging and communication forms can encourage individuals to click on malicious links. These links are often disguised by shortening the URL or by including embedded links that redirect to a cloned website or a domain with malicious code.

Why is social engineering dangerous?

Social engineering is dangerous because it exploits human error rather than relying on finding a fault or weakness in software, applications, or networks. Cybercriminals are prepared to spend time and resources researching potential victims, looking for opportunities in their behaviours or the policies of the company that employs them.

How to prevent social engineering attacks

The most effective defence against social engineering is education. To find out how Omnicyber Security can assist you in defending against social engineering attacks or to arrange social engineering penetration testing, please contact our team.

Contact us

Related Articles

encryption

What does Salting the hash mean (is it effective?)

Passwords are the cornerstone of security, preventing unauthorised access to your network, applications, and customer accounts. The challenges of password security include storing them. If you store passwords in a database as plain text, anyone who gains access to the database can read them, just like the words in this explainer. Salting the hash is a technique that protects against this vulnerability.

Find Out More