When a person’s privacy is compromised using non-technical means—including something as normal as receiving a telephone call while at the office—hackers can quickly acquire sensitive information. Hackers might pretend they work in the IT department when in reality they’re attempting to gain access to the company’s network through one of its employees.
This social engineering, as it is called, is defined by Webroot as “the art of manipulating people so they give up confidential information.”
Social engineering is not only common, it is on the rise. According to the security plugin company Wordfence, social engineering attacks doubled from 2.4 million phone fraud attacks in 2012 to 2.3 million attacks in the first half of 2013. Those numbers have only continued to rise, with Juniper Research expecting the cost of global data breaches and cyber crime incidents to surpass $2.1 trillion in 2019 (four times the estimated cost in 2015).
An online cyber security master’s degree from the University of North Dakota can help professionals and prospective employees deepen their cyber security knowledge. Specifically, they can learn to better understand and combat the growing threat of social engineering, as well as learn why it is happening and what can be done to prevent future attacks.
What to Watch For
Part of preventing this unwanted behavior is becoming readily familiar with the kinds of commonplace cyber security dangers that now exist.
According to Infosec, six examples of social engineering attacks to be aware of are:
- Phishing. By using email and social media, attackers attempt to either a) get victims to provide sensitive information or b) lure them to links that jeopardize their computer system. Logos and images are copied to trick people into thinking the messages come from reputable companies.
- Watering Hole. Hackers add malicious code to sites that their targets frequently visited in the past or are expected to visit soon. When a target visits the site, malware is installed, and the victim’s security is compromised.
- Whaling Attack. This type of phishing is used primarily to attack business executives and government agencies. It masquerades as a legitimate authority and usually points towards a fake company-wide concern. It’s used to gain passwords, personal data, and access credentials.
- Pretexting. Attackers pretend to be someone they are not in order to acquire private information. They create a fake identity (or multiple identities) and build trust, then attempt to manipulate the victim. One example is posing as an outside IT services contractor to gain access to the organization.
- Baiting. By promising an item the victim might want and preying upon their curiosity, attackers could easily gain access they might not otherwise have. One well-known tactic is disguising a malicious file as a software update or as generic software they might want or need. Closely related to baiting is a Quid Pro Quo attack, which offers goods in exchange for information or access.
- Tailgating. When attackers want to gain access to an otherwise restricted area, they attempt to walk in behind someone who is actually authorized. This technique is also referred to as “piggybacking.” For instance, a person may impersonate a delivery driver—perhaps carrying several boxes—and wait for someone to open a door.
Other examples of social engineering attacks may include attackers responding to a problem that the target never had, sometimes offering extra assistance to fix it (usually free of charge), or creating distrust and starting conflicts by hacking passwords, altering private communications and forwarding them to others.
Slowing Down is the Solution
As part of their responsibilities, cyber security professionals may need to instruct the managers, employees and contractors at their company on how to protect themselves from hacks, including social engineering.
First, people should be aware of what’s happening around them, taking note of details both small and large. Webroot offers some tips that cyber security personnel can pass along to others in their company, including:
- Slow down. It is paramount not to be swayed by a spammer who conveys a high sense of urgency, and to consider carefully what is unfolding. Avoid getting caught up in something that is a fabrication in the first place.
- Do some research. Be suspicious of any messages or phone calls you weren’t expecting, even if they seem to be coming from a company that you may trust and regularly use.
- Be wary of every link you click on. Inspect the links to determine if they are actually the right ones. Before clicking, use a search engine to find the site and see whether the link you’ve been sent matches it.
- Guard your email and contacts. If you lose control of your email account at any point, people you email regularly may also become victims. Always check with friends before downloading attachments.
- Beware of foreign offers – they are fake. This sort of communication may be the easiest to spot. Remain wary of sweepstakes winnings or notification of money you’ve inherited from a relative you’ve never met.
Making sure that everyone at the company protects themselves, their identity, and their passwords can strengthen cyber security efforts and help thwart hackers who engage in social engineering attacks.
About the University of North Dakota’s Online Cyber Security Master’s (UND MSCS) Degree
The University of North Dakota’s online cyber security master’s degree offers professionals the ability to gain analytical skills that can position them on the front lines in the fight against cyber crime.
UND’s online cyber security master’s degree program is accredited by the Higher Learning Commission and ranked by U.S. News & World Report as one of the Top 25 Most Innovative Schools (2018), alongside such prestigious institutions as Stanford, Harvard, and MIT.
UND prepares students for careers in cyber security with concentrations in Autonomous Systems Cyber Security, Cyber Security and Behavior, Data Security, and General Cyber Security. For more information, contact UND today.
Definition 1: Wordfence
Definition 2: Webroot
Attack Statistics: Wordfence
Juniper Research Statistic: Datafloq
Extra Examples: Webroot