As National Cybersecurity Awareness Month comes to an end, you may have heard the term “social engineering” thrown around by experts in the industry. But what is social engineering, and why should you pay attention to it? The consultants at Imagineering have put together a few things that might be of interest to you when learning about social engineering.
What is Social Engineering?
Social engineering is the practice of manipulating or deceiving someone in order to gain information and control over their computer system. The hackers who do this, known as social engineers, might use phone, email, snail mail, or direct contact to gain illegal access to accounts.
What is especially important to understand is that social engineering is not the result of exploiting vulnerabilities in technology. Rather, the focus lies on exploiting people's emotions. Social engineering email threats are just that — threats. It is never a polite email asking you to reply “whenever you get a chance.” It will always convey a sense of urgency or instill fear. Some may even appeal to greed or curiosity.
Social Engineering Examples
Phishing, spear phishing, and CEO Fraud are all examples of social engineering, and all rely on the art of impersonation.
1. Phishing & Spear Phishing
In a phishing attack, hackers pretend to be a person (or company) that you trust in order to capture usernames, passwords, and/or financial information. Phishing often comes in the form of a bulk email. Spear phishing is when a hacker focuses on you or your company, and the research they have done on you can make the message look that much more legitimate.
2. CEO Fraud
As with phishing, hackers know that by impersonating someone you respect, they might be able to get the information they want. By impersonating C-Suite executives, they create communications that look and feel like the company’s leadership style and easily gain the trust of employees.
3. Social Media Impersonation
One of the more recent additions to the social engineering game has been social media impersonation. You may have even gotten a friend request recently from someone that you thought you were already friends with. That’s because social engineers create fake social media accounts that look like people, or companies, that you trust. They often take the profile picture from an unlocked account and try to add that person's friends as their own, just to message them later to gain the information they want.
Security Awareness Training for Social Engineering Attacks
Social engineering is not something you can ignore and hope for the best. The first step in protecting your business is training your users to spot phishing attacks. Security Awareness Training is what helps your business build a human firewall. With this, you can have peace of mind that your last line of defense (your employees) is well-trained and empowered to spot these attacks.
Having the right network security partner can also help protect you from these attacks. Imagineering is proud to be a partner of KnowBe4, the leader in Security Awareness and Training Solutions in 2020. For only a few dollars per user per month, we can help create fully automated, randomized phishing attacks for you to train and test your employees while keeping your business and data safe from social engineering.