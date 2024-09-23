On the Site:
Sep 23, 2024, 2:19 PM | Updated: 2:22 pm

Photo: Adobe Stock

BY LES OLSON


This article about social engineering is presented by Les Olson IT, Your Office Technology Partner. 

Introduction

In cybersecurity, social engineering is the process where a hacker manipulates someone to gain private information from them. By building a person’s profile, they can use that to take over a computer system or access accounts. 

With the rise of artificial intelligence, the scope of the information hackers can find now is becoming prominent. An AI system can then create deepfakes of people that can manipulate a person’s voice, image, or message.

By understanding more about social engineering, you can protect your online or offline assets. 

Types of Social Engineering Attacks

There are a few different types of social engineering attacks. Below are some of the most common forms of social engineering you might run into or hear about. 

Phishing

Phishing occurs when an attacker deceives someone into thinking they’re trustworthy to obtain sensitive information. It often looks like an email or message sent from a legitimate source, like a bank account or postal carrier, asking for a password, credit card number, or other private information. 

Pretexting

Pretexting is when an attacker uses a fabricated scenario (the pretext) to manipulate someone to give away sensitive information or do something that would compromise security. This type of attack often looks like the attacker posing as someone in a position of authority, like a manager or service provider, and asking for a password or personal data. 

Baiting

Baiting occurs when an attacker lures their target into a trap by enticing them with something like a free download. The attacker attaches malware to the bait, compromising the victim’s security.

Tailgating

This type of social engineering happens in person when an attacker gains unauthorized access to a restricted area by closely following someone with access. They often rely on an individual’s courtesy or trust to hold the door open for them, who then gain access to sensitive information or systems. 

Inside man

Finally, the “inside man” of social engineering refers to someone with legitimate access to a company or organization and compromises it to facilitate unauthorized activities. They exploit insider knowledge to hackers and provide access or data to carry out an attack. This technique is one of the most dangerous types of social engineering since it is difficult to detect. 

Common Techniques Used in Social Engineering

As you can gather from the types of social engineering we shared above, the most common techniques include impersonation, manipulation, and deceit. Attackers prey on individuals by using a false sense of urgency or fear to encourage the victim to hand over sensitive information that they can use to access an information system or financial account. 

How to Protect Yourself

The best way to protect yourself is to be aware of the common types of social engineering and be alert when you think someone may be using one of these techniques. 

Always verify the identity of a person or organization who contacts you. Double-check the email addresses from messages that ask for sensitive information. Do not open attachments from sources you do not know. 

It also helps to use strong, unique passwords for each account and two-factor authentication for your most protected accounts, such as an email or bank account. 

Finally, always err on the side of caution when receiving unusual or unsolicited requests for information. 

Conclusion

By staying vigilant and educating yourself, you can prevent social engineering attacks from impacting you or your company. 

Les Olson can provide your team with more in-depth training to investigate this critical issue more thoroughly. Contact them today for more details and to schedule.   

