Social engineering

What is social engineering?

Social engineering is a psychological attack that exploits naivete, lack of knowledge, or the desire to help someone else. It is a common form of cyber-attack in which the attacker tries to obtain information through improper methods, swindling, or deception. Since this type of attack is based on human weakness, there is no technological way of efficiently preventing social engineering attacks.

The following are a number of common signs that may indicate that you are the subject of a social engineering attack:

  • Creating a sense of urgency and pressure with the aim of confusing the customer and causing errors.
  • Requesting information that the requester should know, or information that does not normally need to be provided (such as account numbers, balances, and so forth).
  • Requesting passwords and similar connection information. No legitimate organization would ask for this.
  • Pressuring the customer to ignore security rules, laws, and regulations.
  • Emails that contain numerous composition and punctuation errors.
  • Promises of prizes (nothing is free), requests for assistance in transferring money, or requests for help with temporary financial distress.

 

Rules of conduct that will help protect you from attempted social engineering:

  • The best way to protect yourself against social engineering attacks is to use your intelligence and increase your awareness of and alertness to suspicious situations.
  • The basic rule is that if something seems suspicious or not right, it is better to be cautious and to check whether someone is trying to trip you up.
  • Calling or emailing back can help protect you. Ask to call back on the company’s official phone number, or ask for a meeting.
  • If a friend or acquaintance asks for help, contact them directly before making any transaction (transfer of money or information, or even answering an SMS).
  • When you receive a request for sensitive or classified information, you can ascertain that the request is valid with the official entity from which it has apparently come (bank, electric company, etc.).
  • Passwords, identifying data, and codes obtained by SMS are personal information and should not be sent to anyone under any circumstances!
This page was last updated on: 03/09/2024