Social engineering is the act of manipulating and fooling unsuspecting victims into sharing confidential and/or sensitive data with bad actors. Social engineering attacks typically involve forms of psychological manipulation by using emails and other communication channels to invoke fear, urgency, or similar emotions in the victim. Social engineering attacks can take place on and away from victims’ computers. Give yourself an immediate cybersecurity boost with these tips.
- Phishing. Phishing attacks disguise fraudulent emails, text messages, and websites to trick you into revealing confidential information by clicking on a link or opening an attachment. Be vigilant for poor spelling and grammar, impersonal greetings, requests for personal information, mismatched URLs, and unrealistic threats in your emails to prevent your passwords and confidential information from being compromised by bad actors.
- More phishing. Attackers also use sophisticated phishing methods such as spear-phishing (in which attackers may impersonate trusted individuals or share inside information), whaling (in which attackers use spear-phishing tactics to target high-profile targets), or vishing (in which attackers use caller ID impersonation and pre-recorded automated instructions over telephone systems to gain access to confidential information).
- Baiting is the act of attempting to trick victims into supplying confidential and/or sensitive data in exchange for a gift or otherwise enticing offer. Only use websites you’re sure are safe, only download attachments and software from trusted sources, and avoid inserting physical media into your computer if you don’t know its contents or origin.
- Quid pro quo attacks manipulate unsuspecting victims into sharing confidential information in exchange for a benefit or service (unlike baiting, which typically offers a gift). Be vigilant by challenging individuals attempting to gain access to physical or IT resources to validate their identity.
- Pretexting is the act of manipulating victims using carefully created and credible scenarios with which to build a false sense of trust with the victim. Avoid sharing your confidential information with people you don’t know (reputable organizations won’t ask you for your password online or over the phone), challenge individuals attempting to gain access to physical or IT resources to validate their identity, and don’t give untrusted parties access to physical or IT resources.
- Tailgating attacks involve bad actors following (or ‘piggybacking’) employees into areas to which they don’t have the proper access privileges. Be vigilant when holding doors to restricted areas open for other people and challenge people attempting to access restricted areas to validate their identity.