Social engineering is all about deceiving people into giving up organizational information or performing actions that can compromise devices or services, and is the easiest way to attack any organization.
- Deceiving people into giving up organizational information, opening malicious attachments and more is far easier than finding and exploiting technology-specific vulnerabilities.
- Information gleaned from organizational websites, personal social media and more can be used to help cybercriminals decide who to target, who to impersonate and what tactics may work best.
- Social engineering attacks have been part of some of the largest cyber attacks and data breaches over the past few years.
Phishing is the most common form of social engineering due to its ease of use and high success rate.
Phishing e-mails are designed to look like genuine communications from your organization or other trusted entities such as banks, governments or online services.
Phishing e-mails are often designed to lure victims to visit infected or fraudulent websites, to provide critical information or to open malicious attachments.
Text message attacks may appear to be coming from a trusted source such as a financial institution, a social media site or your organization.
The message may contain a link to a compromised website that may try to find vulnerabilities in your mobile device in order to infect it with malicious software, or malware.
One popular in-person attack involves leaving USB keys or other removable media in parking lots in order to trick unsuspecting organizational members into checking the contents on their work device.
Doing so can lead to malware infecting the device, or an automatic script could run and perform other actions to compromise an account.