Social engineering is the social, or human, side of cyber security.
It is easier for criminals to manipulate a human than to try and hack software or devices. So rather than attacking technology, criminals exploit the users of the technology to get what they want.
Social engineering can be carried out through a variety of methods, including phishing emails, phone calls or text messages, and in person.
Examples of Social Engineering
A common example of social engineering is phishing emails. Criminals may send you an email impersonating a colleague or a company you trust. Within the email, they’ll use manipulative or alarming language to convince you to click on harmful links or share private information.
Not all social engineering scams target you directly, though. Through social media or web pages, criminals bait users by promoting access to popular items, such as a free download of a new movie. Instead of the promised item, you install malicious software.
Social engineering can also take place in person. An example of this is a criminal disguising themselves as someone else to gain entry to an office or workplace. They may even simply follow someone else through a doorway. Once in, they look to obtain company data or infect networks by inserting USB sticks into unattended devices.
In most cases, criminals prey on people when they are most vulnerable. This has been evident in recent years with phishing attempts covering topics such as COVID-19 or the cost-of-living crisis.
Social Engineering Red Flags
There are several red flags to look out for that could help you avoid being a victim of a social engineering scam. These include:
- A colleague, friend or family member sending you unusual messages or requests – particularly from unknown numbers or email addresses
- The sender making urgent requests
- The sender or individual can’t prove their identity
- Your emotions are heightened, and you feel a sense of panic
- An offer or reward feels too good to be true
- You receive an offer for help that you didn’t ask for
Awareness training is one of the best ways to ensure your colleagues can spot these red flags.
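As an added illustration (not part of the original article), the checker below scans a raw email for the red flags listed above: a known colleague's name paired with an unfamiliar address, urgent language, a request for credentials, an offer that looks too good to be true, and unsolicited "help". The contact directory, phrase patterns and sample messages are all constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List

# Constructed contact directory: display name (lower-case) -> the address we trust for it.
KNOWN_CONTACTS = {"jane smith": "jane.smith@example.com"}

# One phrase pattern per red flag (constructed and deliberately small, not exhaustive).
PATTERNS = {
    "urgent_request": r"\b(?:urgent|immediately|within the hour|right away|will be suspended)\b",
    "credential_request": r"\b(?:password|verify your account|confirm your (?:login|details))\b",
    "too_good_to_be_true": r"\b(?:free (?:download|gift)|you(?:'ve| have) won|prize|gift card)\b",
    "unsolicited_help": r"\b(?:we (?:have )?(?:noticed|detected)|support has (?:found|fixed))\b",
}

def _text(msg) -> str:
    """Subject plus every text/plain part, so both headers and body are scanned."""
    parts = [msg.get("Subject", "")]
    for part in msg.walk():  # walk() yields the message itself when it is not multipart
        if part.get_content_type() == "text/plain":
            parts.append(part.get_payload(decode=True).decode(errors="replace"))
    return "\n".join(parts)

def red_flags(raw_message: str) -> List[str]:
    """Return the names of the red flags found in a raw RFC 822 message, in check order."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    flags = []
    trusted = KNOWN_CONTACTS.get(name.strip().lower())
    if trusted and addr.lower() != trusted:  # familiar name, unfamiliar address
        flags.append("sender_address_mismatch")
    text = _text(msg)
    for flag, pattern in PATTERNS.items():
        if re.search(pattern, text, re.I):
            flags.append(flag)
    return flags

# Constructed sample messages.
PHISHING = """From: Jane Smith <jane.smith.payroll@mail-example.net>
Subject: URGENT: verify your account immediately

Your payroll account will be suspended within the hour.
Click the link and confirm your password to keep access.
"""
BAIT = """From: Movie Club <deals@movies-example.org>
Subject: Free download of this week's new release

Grab your free download now, before it is gone!
"""
LEGIT = """From: Jane Smith <jane.smith@example.com>
Subject: Agenda for Thursday

Attached is the agenda for Thursday's meeting.
"""
```

Phrase lists like this catch only the crude cases; they are a teaching aid for the red flags, not a substitute for awareness training or a mail filter.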
How to Prevent Social Engineering Attacks
As social engineering attacks can happen in many different forms, the first line of defence is security awareness training. Make sure your colleagues know how to spot the signs of various attacks and how to properly verify any communications.
Adopting a zero-trust strategy within your business can support the prevention of these attacks. You can read more about a zero-trust strategy here.
Additionally, you can implement security measures such as multi-factor authentication, endpoint detection and response (EDR), app protection policies, USB control, a password manager and more.
You can use our free checklist, Cyber Score, to measure how well protected your business is against cyber threats such as social engineering, and to learn what you can do to improve your security.