How to protect yourself from social engineering?
Welcome to CyberHygiene, our weekly newsletter, where we share tips and actionable data to help everyone stay safe online.
First time seeing this? Please subscribe.
Social engineering is a technique used to manipulate and deceive people. Malicious actors exploit human psychology to gain private information, access or valuables.
Social engineering attacks usually involve a series of highly-calculated steps where con artists invest weeks or months into nurturing a slow-building relationship with their victims.
The attacks are not always related to cybersecurity. Social engineers can reach out and trick you without ever having to speak a word. Social engineering attacks work just as well in person, over the phone, on social media or via email.
1. What are the most common types of social engineering attacks?
Attackers focus on creating a good pretext or a fabricated scenario "that they can use to steal their victims’ personal information." These attacks commonly take the form of a scammer pretending to need certain information from their target in order to confirm their identity.
Baiting attacks use a false promise to pique a victim’s greed or curiosity. They lure users into a trap that steals their personal information or inflicts their systems with malware.
It is the act of looking over someone’s shoulder, writing down or memorizing logins or passwords.
Watering hole attacks infect popular web pages with malware to impact many users at a time. It requires careful planning on the attacker’s part to find weaknesses in specific sites. They look for existing vulnerabilities that are not known and patched — such weaknesses are deemed zero-day exploits.
An unauthorized person takes advantage of an authorized person to gain access to restricted areas. These areas have physical or electronic authentications required to gain access.
Attackers collect information from discarded materials such as old computer equipment (e.g., hard drives, thumb drives, DVDs, CDs) and company documents that were not disposed of securely.
3. How to spot social engineering attacks?
Most social engineering attacks employ one or more of the following tactics
4. How to prevent social engineering attacks?
1) Security awareness
Recommended by LinkedIn
2) Access control policies
3) Cybersecurity technologies
5. What do you do if you think you are a victim?
6. What resources are available to better understand Social Engineering?
1) Books
2) Courses
3) Documents
4) Podcasts
5) TV Show
6) Videos
For more content about social engineering, visit:
Subscribe and Comment.
Copyright © 2022 CyberMaterial. All Rights Reserved.
This article was written by Marc Raphael with the support of Team CyberMaterial, Sofia C. V., Nicolás Peña, Fabino R. Darius
Digital Marketing Consultant | Creative Director | Social Selling
2yAwesome! This is definitely helpful, Marc. :)
President | CEO at ABC Structure inc | Engineer | Businessman
2yHave you heard about the Microsoft Exchange server data breach in 2021? Thousands of servers and millions of email communications were copied by hackers. Now they are being used in social engineering hacks. My company has been an unfortunate victim of that server breach! What can you suggest as a precaution?
Founder, President & CEO Cybercrime Analytics Inc.
2yMarc, Thanks for the great article and shout out for my book and recent interview with Sofia. Keep up the great work.
Advocate at Supreme Court of India | Making businesses LawReady | Legal Adherence Audit, Training, Contract Mgmt., IP valuation & IPR mgmt., | Cyber, Data Privacy, AI & Environment Law expert
2yGreat insightful work Marc R. thanks for sharing