Social engineering explained: how criminals manipulate and exploit humans

29 September 2020

People can be hacked just like computers. But instead of being infected with a virus, they are tricked into revealing confidential information. Social engineering is a blend of art, science, and psychology. Instead of gaining access to someone’s system and data or trying to find a software vulnerability, attackers manipulate users into revealing their personal information, such as emails, bank accounts, and passwords.

Social engineering attack techniques

There are many different forms of social engineering attacks, and they can be performed wherever human interaction is involved.

We compiled a list of the most common forms of digital social engineering assaults.

  • Phishing

Phishing is one of the most common forms of digital social engineering assaults. People are tricked into revealing confidential information such as banking details or passwords. Usually, a phishing attack starts when the potential victim receives an email, call or message in which the sender poses as a bank or another real company or organization in order to trick the potential victim into revealing their data.

The email contains links to websites that look legitimate but are actually prepared by the criminals and ask the victim to enter their personal information. The goal is to reach as many people as possible.

  • Spear phishing

In spear phishing, the scammers usually pose as an employee of the recipient's own company, mostly as someone in a position of authority or as someone the target actually knows personally. Scammers, who are also known as phishers, often gather information about their targets from social media in order to personalize the email and make it more realistic.

  • Vishing

Vishing is the fraudulent practice of making phone calls or leaving voice messages that trick victims into thinking the call is from a company and into revealing personal information, such as credit card numbers or bank details. Usually, less tech-savvy people end up as victims of vishing.

  • Baiting

Baiting attacks are similar to phishing. In baiting, attackers promise some kind of reward, a gift or other goods in order to entice the victim. Usually attackers offer free music or movie downloads if victims agree to enter their login credentials to a certain website.

  • Scareware

Scareware is a type of malware designed to trick users into buying or downloading unnecessary and dangerous software, such as a fake antivirus program.

  • Pretexting

Pretexting is a type of scam where the scammers pretend that they need information to confirm the identity of the person they are talking to. They usually create a good pretext or scenario in order to try to steal the victim's confidential information. After stealing the information, scammers use it for identity theft or to perform secondary attacks.

All of these techniques are used to convince someone to do something against their will and best interest. Unfortunately, many people share their details when they see trusted logos or links to known destinations.

How can you protect yourself from social engineering attacks?

Delete all requests to reveal financial information or passwords. If you get this kind of message or email, it’s 100% a scam.

  • Don’t accept any offers for help

Legitimate banks or companies never contact someone to provide help, especially not via text or email. If you didn’t request assistance from the sender, it’s a scam. Delete these kinds of messages especially if they are from organizations or charities that you don’t have a relationship with.

  • Secure your devices

Install an antivirus program, a firewall, and keep them up to date. Also, use an anti-phishing tool from your browser in order to be alerted whenever there’s a risk.

  • Increase your email security

Set your spam filters to high. All email providers offer this option. Remember to check your spam folder from time to time, because even legitimate emails can accidentally end up there.

Social engineers aren’t hackers. In fact, they are very intelligent people with good soft skills, and the ability to think critically. But many hackers use social engineering techniques to perform further cyber attacks.

In cybersecurity terms, social engineering can damage businesses' reputations, steal governments’ secrets, and cost individuals hundreds of thousands of dollars.

Even though using the most powerful antivirus software is very important, you also need to be very careful online. Currently, the best defense against social engineering attacks is user education and layers of technological defenses to better detect and respond to attacks.
