What Is Social Engineering?
Short definition: In information security, social engineering is the psychological manipulation of individuals to trick them into revealing valuable information. In cybersecurity, social engineering tricks are part of scam campaigns that aim to implant malware, steal data, or gain access to restricted networks and systems.
Extended definition: Social engineering attacks can take place online, over the phone, or even in person. In cybercrime, threat actors attempt to exploit the general lack of security awareness among both individual and enterprise users. By pretending to be legitimate individuals, employees of other companies, or IT support staff, attackers in most cases aim to get hold of sensitive information or implant malware.
The common trait of most socially engineered attacks is the creation of a sense of urgency, fear, anger, or some other strong emotion. The ultimate goal is to exploit the emotional reaction of a person before that person realizes what is going on. Most scams rely on the following factors:
- Creating a sense of urgency
- Exploiting fear
- Building trust
Depending on the specific case, attackers can use a more complicated or a more simplistic approach.
What are the types of social engineering attacks?
- Phishing and all its variants, including voice phishing (vishing), SMS phishing (smishing), email phishing, and spear phishing.
- DNS spoofing and cache poisoning attacks.
- Watering hole attacks.
- Physical breach attacks.