Social Engineering

What is Social Engineering? 

Social engineering is the art of manipulation used to gain access to information or devices. Attackers practice it over email, text, phone calls, or social media to obtain important or sensitive information by deceiving you or by exploiting your trust, respect for authority, or sympathy.

Social engineering criminals focus on attacking people rather than infrastructure. They begin with research; an attacker may look for publicly available information that they can use against you. As shown below, these attacks come in a variety of schemes, but all can be avoided by following the tips listed.

 

Pretexting

Scammers create a good “pretext”, or story, to get their foot in the door. Once in, they try to steal your personal information and use it to commit identity theft or stage secondary attacks.
Prevent the attack: Email and/or phone spoofing can mask who is really contacting you. Verify their identity by calling the relevant company directly.

Tailgating

Unfortunately, not the BBQ in a parking lot variety. Tailgating is when an unauthorized individual follows you into a secure area to steal property or information.
Prevent the attack: Watch your back. Even though we work in a "public" space, if somebody has followed you into a secured area and it doesn’t feel right, report it to the nearest building or office manager.

Baiting

Baiting is similar to phishing. However, baiting promises goods or items to entice victims. Baiters may offer free downloads or software to trick users into clicking on links or inputting login credentials.
Prevent the attack: Stop to ask yourself if the offer is too good to be true; otherwise, you might end up being the “lucky winner” of a malware infection.

Quid pro quo

Like baiting, quid pro quo attacks promise something in exchange for information. This benefit usually assumes the form of a service, whereas baiting usually takes the form of a good.
Prevent the attack: Question why the company, or person, needs your information. Check if it’s a real offer by calling a publicly posted number for the company.