Welcome to the newest edition of Cyber Lingo, “Social engineering definition and examples”. As the title explains, today we’ll tackle one of the most common tactics used in the cyber security world: Social engineering.

Although it is a common framework for cyber criminals, not all employees know what social engineering is. By knowing the definitions, identifiers, and examples of social engineering employees can be better prepared to spot social engineering attacks and stop them in their tracks. Let’s get started: 

What is social engineering?

Social engineering is a manipulation technique that cyber criminals use to trick victims into taking a certain action, typically sharing personal information, handing over money, or giving access to a network. It relies on psychological manipulation rather than technical hacking methods, making it a highly effective tactic for attackers.

Cyber criminals build trust and then rely on emotions of fear, uncertainty, and urgency to force individuals into taking the wanted actions. These tactics can be used in a multitude of ways including over email, on a phone call, or in person.

Photo by ThisisEngineering on Unsplash

For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges.  (Limited time offer. Normally valued at $999 USD)

Use Promo Code: 6WEEKS

Cybersecurity Awareness Training for ALL

Take proactive steps to invest in your business’s cyber resilience now to protect your organization from costly data breaches and disruptions. Start easily with our Quickstart Training Bundles. To learn more CLICK HERE.

In almost all phishing attacks, there is some form of social engineering being attempted, to get you to trust the sender and take an action that benefits the attacker. In many cases, the attacker is impersonating somebody or a brand you trust.

Applications of social engineering

When will you see the term “social engineering”? 

Social engineering terms often appear in discussions about cyber security training, policies, and news. You’ll likely have a training module and certain policies dedicated to only social engineering. This term is also prevalent in any news about data breaches and cyber attacks, so you’ll likely see this term in headlines online and during in-person discussions. 

When will social engineering be used against you?

If you work in a business environment or have an email or social media accounts, social engineering is used against you regularly. Some key environments to be aware of social engineering tactics would be:

• Phonecalls
• Emails
• Social Media Direct Messages
• SMS Messages
• Networking Events
• In-Office Interactions 

You are particularly vulnerable to social engineering attacks if it’s a busy time for your business, there are external distractions (ex. Tax season), or you are expecting to see or hear from people you don’t know. The key is to always be on alert for social engineering scams. 

Tips for fighting against social engineering

Constantly being vulnerable to social engineering attacks may sound scary. But, there are ways you can protect yourself from falling victim to these advances. Here are some common tips for spotting and fighting against social engineering:

1. Awareness and Training: If you are reading this article, you are already one step ahead! The best way to prevent social engineering training is to be aware of social engineering and the changing tactics. Put your best foot forward during your company’s cyber security training and you will be in the best position to spot and defend against social engineering attacks. 
2. Verification Procedures: Verify, verify, verify. Always verify the sender, caller, or speaker of a message. If it is an email, check to see if the email URL matches the company’s domain exactly. If it’s a phone call, hang up and call the number you have in your contacts. If it’s in-person, consider developing code words with your team to verify people’s identification in first-time meetings. Verification is a huge prevention technique for social engineering. 
3. Pause and breathe: Develop a routine and culture where you don’t feel rushed to complete tasks or give information without stopping to think. Just taking a count of ten seconds to stop and think about the possibility of impersonation of an email can save your business thousands of dollars. This all starts by having a culture and routine that allows you to take these pauses and verify. 

Real-life case of social engineering

One of the biggest social engineering breaches in history was the Sony attack of 2014. It is believed that this attack started because cyber criminals were able to use social engineering techniques to trick Sony employees into giving login credentials over email. 

Using those credentials, the cyber criminals gained access to Sony’s network and released vast amounts of sensitive data including employee information, unreleased movies, and internal communications. It was months of threats and releasing data until Sony was able to gain full control of their networks. Even after this, Sony still dealt with employee lawsuits and a poor reputation. 

Other terms to know:

• Phishing: A method of social engineering where attackers send fraudulent emails to trick recipients into revealing personal information or installing malware.
• Pretexting: Involves creating a fabricated scenario (pretext) to persuade someone to divulge information or perform an action.
• Brand Impersonation: When cyber criminals use a company’s brand elements (such as name, logos, colours, and communication styles) to create fake websites, emails, text messages or social media profiles to trick victims.

Social engineering represents a significant threat in the realm of cyber security, exploiting human psychology to bypass technical defences. Understanding the definition and various applications of social engineering is crucial for developing effective countermeasures. By raising awareness, implementing robust security practices, and learning from real-life cases, individuals and organizations can better protect themselves against these sophisticated attacks. As the landscape of cyber threats continues to evolve, staying informed and vigilant remains our best defence against social engineering.