Social engineering involves manipulative techniques used by attackers to trick individuals into revealing sensitive information or performing harmful actions. It exploits human psychology rather than technical vulnerabilities.
Time pressure: The attacker creates a sense of urgency to make the victim act quickly without thoroughly thinking through the situation. For example, they may claim that an offer is time-limited or that an account will be locked if immediate action is not taken.
Use of strong emotions: Manipulators exploit emotions such as fear, guilt, or greed to influence the victim’s decisions. For example, they may send a frightening message claiming that your account has been compromised and that you need to provide information to secure it.
Authority: The attacker poses as an authority figure, such as a boss, police officer, or IT support person, to get the victim to follow their instructions without question.
Sympathy and trust: The attacker builds a relationship with the victim to gain their trust. This can include sharing personal stories or showing empathy to make the victim feel comfortable sharing information.
Reciprocity: The manipulator offers something of value, such as help or a small gift, to make the victim feel obligated to return the favor by providing information or performing an action.
Conformity: The attacker uses peer pressure to get the victim to follow the actions or decisions of the majority. This can include claiming that “everyone else is doing it” to make the victim feel pressured to comply.
Confusion: The attacker overwhelms the victim with complex information or technical jargon to create confusion and make them rely on the attacker’s guidance.
Common forms of social engineering: phishing, spear-phishing, pretexting, baiting, vishing, smishing, spoofing, dumpster diving, and whaling.
Sicra recommends that companies stay alert to communication that uses these manipulation techniques. It is also recommended to train employees to recognize signs of social engineering and to keep information systems up to date with the latest security updates.
If you have been subjected to an attack and your data is compromised or locked behind ransomware, Sicra can assist in getting systems functioning again and secured against future attacks.
If you want security consulting to establish good routines, we can assist with our CISO-for-Hire service.
Related terms: Phishing, Pretexting, Cybersecurity, Spear-phishing, Baiting, Vishing, Smishing, Spoofing, Dumpster diving, Whaling.