
Social Engineering Overview

Social engineering is one of the most popular cybercrime techniques for obtaining private information, access, or valuables from internet users. With this technique, attackers exploit a user’s lack of knowledge and manipulate users’ behavior to lure potential victims into handing over their data without realizing that they are doing so.

Social engineering is a process in which many malicious activities are carried out through human interaction. By using manipulation, attackers gain an advantage from expected human behavior. Since psychology plays a huge role in such attacks, users can easily be tricked into making simple but devastating security mistakes.

The main weapon of social engineering is the exploitation of human error through various manipulation techniques. Although any internet user can potentially fall for such attacks, attackers usually try to lure unsuspecting users into exposing sensitive information. Sometimes, victims also provide access to restricted corporate systems and services, or even spread malware into corporate networks, without their knowledge.

Numerous social engineering attack types can be used for stealing sensitive information or causing disruption, such as phishing, baiting, scareware, pretexting, and DNS spoofing.

Some examples of social engineering are:

  • Sending an email and deceiving the victim into clicking the included link to a malicious website.
  • Calling users on the phone pretending to be IT support and convincing the victim to provide the personal information required for “planned” database updates.
  • An attacker following a badged user into a badge-secured area.
  • Physically snooping on the victim while they enter credentials such as a password, PIN, or a combination on a physical lock.