Social Engineering 101

You answer the phone. The caller claims to be from IT and has seen some suspicious activity on your computer. They need you to type in some commands. You read an email. The sender appears to be the CEO. Funds need to be transferred ASAP, or an important deal will fall through. You get a text. The sender is saying they are your boss, and they want you to pick up some gift cards for a company outing. In all these situations, you may be the target of a social engineering attack. But you don’t have to be a victim.

What is social engineering?

Social engineering is a form of hacking that doesn’t rely on technology. Instead, hackers manipulate you into breaking company policy to give them what they want.

Social engineers use a few different tactics.

A social engineer may pretend to be an authority figure. For example, they may impersonate a company executive and pressure you into sending them valuable documents.

A social engineer may use your kindness to get what they want. They might pretend to be a delivery driver and ask you to hold the door open for them.

A social engineer may use fear and intimidation to get you to comply. For example, they pretend to be an angry customer and threaten to get you fired if you don’t give them what they want immediately!

Social engineers are looking for money, access or data. They often attack organizations that have access to large amounts of data, such as schools, hospitals and government agencies. If they hit one of these targets, social engineers can steal thousands or even millions of personal records at a time.

 Social engineering attack vectors.

  • Phishing — Phishing is the most common attack method. With phishing, attackers send legitimate-looking emails, hoping to trick you into taking action.

  • Spearphishing — Unlike regular phishing, spearphishing targets one specific person. The target has access to money or data and the attack is crafted specifically to appeal to them.

  • Vishing, or voice phishing — Social engineers use phone calls to impersonate customers or coworkers.

  • Tailgating — A social engineer follows someone into a restricted area, often by pretending to have lost their access card or key.

How to avoid social engineering attacks.

  • Examine all links and attachments to ensure that they are safe and coming from legitimate senders
  • If you find something suspicious, contact your security team immediately
  • Don’t share sensitive or personal information
  • If a message might be from an impostor, contact the real person or organization through a known, safe method, such as a public phone number
  • Slow down your conversation. Don’t be hurried into making a decision that could end poorly

Want to learn more?

We understand that exceptional service delivery is only possible when our team is fully committed to purpose-driven work. That’s why we’re proud to lead the way in creating a culture of personal growth, development, and accountability. We believe that building strong relationships through trust and reliability is key to becoming an exceptional industry leader. Our ultimate goal is to help our clients succeed in today’s complex business environment.