What Is Social Engineering?

Sixty-Two: Ames News — delivered.

And How Can I Protect Myself and the Company?

By Clint Ebarb, Ames Information Security Administrator

In cybersecurity, social engineering is the process by which a hacker manipulates someone into giving up private information. By building a profile of a person, the attacker can use that information to take over a computer system or access accounts.

With the rise of artificial intelligence, hackers can collect an increasingly broad scope of information about individuals. Using this information, an AI system can create deepfakes that manipulate a person’s voice, image, or message.

By understanding more about social engineering, you can protect your online and offline assets.

Types of social engineering attacks

There are a few different types of social engineering attacks. Below are some of the most common forms of social engineering you might run into or hear about.

Phishing

Phishing occurs when an attacker deceives someone into believing the attacker is trustworthy in order to obtain sensitive information. It often looks like an email or message sent from a legitimate source, like a bank or postal carrier, asking for a password, credit card number, or other private information.

Pretexting

Pretexting is when an attacker uses a fabricated scenario (the pretext) to manipulate someone into giving away sensitive information or doing something that would compromise security. In this type of attack, the attacker often poses as someone in a position of authority, like a manager or service provider, and asks for a password or personal data.

Baiting

Baiting occurs when an attacker lures their target into a trap by enticing them with something like a free download. The attacker attaches malware to the bait, compromising the victim’s security.

Tailgating

This type of social engineering happens in person when an attacker gains unauthorized access to a restricted area by closely following someone with access. By relying on an individual’s courtesy or trust to hold the door open for them, they are able to gain access to sensitive information or systems.

Inside man

Finally, the “inside man” of social engineering refers to someone with legitimate access to a company or organization who compromises it to facilitate unauthorized activities. They expose insider knowledge to hackers and provide access or data to carry out an attack. This technique is one of the most dangerous types of social engineering because it is difficult to detect.

Common techniques used in social engineering

As you can gather from the types of social engineering shared above, the most common techniques include impersonation, manipulation, and deceit. Attackers prey on individuals by using a false sense of urgency or fear to encourage the victim to hand over sensitive information that can be used to access an information system or financial account.

How to protect yourself

The best way to protect yourself is to be aware of the common types of social engineering and be alert when you think someone may be using one of these techniques.

  • Always verify the identity of a person or organization who contacts you. Double-check the sender's email address on messages that ask for sensitive information. Do not open attachments from sources you do not know.
  • Use strong, unique passwords for each account and two-factor authentication for your most protected accounts, such as an email or bank account.
  • Always err on the side of caution when receiving unusual or unsolicited requests for information.
By staying vigilant and educating yourself, you can prevent social engineering attacks from impacting you or the company.
