What is social engineering?

Social engineering is the practice of using psychological techniques to manipulate behavior. It works by exploiting human error and encouraging victims to act against their interests. In information security, social engineering refers to getting people to divulge private data online, like login details or financial information.

In other contexts, social engineering means something slightly different. In the social sciences, for example, social engineering is simply the effort to psychologically influence social behaviors on a larger, group scale. That can include encouraging people to behave well on public transit, stop smoking, or even support political revolution.

Here, we’ll focus on social engineering in the information security context, where hackers deploy techniques online to gain access to confidential information. In this digital realm, social engineering can be defined as a cybercrime.

How does social engineering work?

Social engineering works by taking advantage of people’s cognitive biases. A social engineering attacker poses as someone likable, trustworthy, or authoritative and tricks the victim into trusting them. Once the victim trusts the attacker, they’re manipulated into handing over private information.

Unfortunately, there are many cognitive biases that attackers can exploit to their advantage, snatching victims’ private data right out from under their noses. Social engineering techniques exploit this tendency toward trust in many different ways.

Types of social engineering attacks

One of the best ways to protect yourself from a social engineering attack is to learn about the common methods used in social engineering. These days, social engineering happens frequently online, even via social media scams, where attackers pose as a trusted contact or authority figure to manipulate people into exposing confidential information.

Here are other common types of attacks in the social engineering toolkit: