What is Social Engineering
What is social engineering?
Social engineering refers to the act of manipulating a person. The attacker tries to gain the victim’s trust in order to obtain personal data or confidential information such as passwords, addresses, or account details, which can then be used to make transfers that the victim cannot reverse. In most cases, the crime is only noticed when it is already too late.
Such methods have been used for years; one of the best-known social engineering scams is the grandchild scam. It is still used today to swindle elderly people out of their money: the perpetrator pretends to be a grandchild in urgent need of money, the victim transfers the funds, and the fake grandchild never gets in touch again.
The scammers are often so convincing in their role that many people fall for it. Similar tricks are also used against companies, but this requires a lot of background information and usually an entry point into the company, such as an employee’s email address or login details.
Types of social engineering
Phishing
- Aimed at a broad audience
- Whaling is a targeted variant of phishing
- The attacker’s goal is to obtain sensitive data
- Read the article on Phishing
Baiting
- Enticing advertisements or online advertising
- False promises to obtain personal data
Protection against social engineering
- Data: Never disclose private and professional data to dubious websites or individuals.
- Attentiveness: Always check the sender and make sure the source is trustworthy.
- Spam filters: Good spam filters can help to identify emails with dubious senders and content at an early stage.
Typical social engineering incident
Anna Müller from the accounting department received a call from a man claiming to be an IT employee. He asked her to install software to fix an alleged computer problem. Anna followed his instructions, and the fraudster gained access to sensitive company data. The next day, unauthorized money transfers were discovered. The incident was a wake-up call that prompted the company to implement additional security measures and training.
- The correct thing to do would have been for Anna Müller to ask the caller more questions and to verify with the real IT department that the request was genuine.
- Anna should not have installed software that came from an unknown source or that she was not sure was trustworthy.
- Regular training and awareness-raising on how to recognize social engineering techniques could have helped her spot the scam.
