Social engineering is a form of psychological manipulation used to trick users into making security mistakes or supplying sensitive information. This allows hackers access to things like bank accounts or credit card information. Hackers will gather knowledge about their victim, using a variety of sources such as social media profiles or other public information in order to gain trust and credibility with their victims. Social engineering is a blanket term that covers many different types of hacking. This can involve anything from breaking into a secure location to steal information to sending phishing emails.
Some of the different types of social engineering include:
Baiting is a technique of social engineering that involves using false promises to garner a victim’s interest or curiosity. An example of this would be leaving a flash drive with malware installed in a public location. The victim, curious as to what it is or who it may belong to, picks it up and accidentally downloads the malware onto their computer, allowing the attacker to access personal information.
Scareware bombards a victim with false alarms or threats, such as a multitude of popup ad banners appearing on the screen. The victim then installs what they believe to be antivirus software that is disguised malware from the attacker that allows them access. Scareware is also often referred to as fraud ware or deception software.
Pretexting is when attackers create a pretext, or a false scenario, they can use to steal a victim’s personal information. They may impersonate a trusted individual and claim to need specific details from a victim to confirm their identity. This type of social engineering requires a level of trust to be built with the victim, so that they are willing to supply personal or sensitive information. This is commonly referred to as a cover story. The attacker pretends to be someone like a maintenance staff member to gain access to protected locations in order to get to the information they want.
Many social engineering attacks manipulate people using fear but being mindful of this can help to keep you and your information safe. If you come across an email, an offer displayed on a webpage, or a situation that seems suspicious, trust your gut! Staying alert, aware, and up to date can help to protect you against social engineers or other hackers. There are also many types of antimalware programs that can help filter out spam messages, or training programs that can teach vigilance and better security practices.