Padlocked

Protecting you from cybercrime, one step at a time.

Below this is where the further explanation of this website resides! If you want to know more about the website, or need access to the pages, please select the link to the page below!

Common Cyberattacks: Social Engineering

What is Social Engineering?
Social engineering is an umbrella term for cyber-attacks that use psychological tactics to manipulate people, with motivators such as money, love and fear working heavily in the attacker's favour. No matter how strong a security design is, human error can still lead to a breach, as people can be fooled into revealing important credentials like bank details and emails by a convincing actor with malicious intent.

Types of Social Engineering
There are many types of social engineering, and all have advantages that can be abused. These include phishing, baiting, “quid pro quo”, and tailgating.

  • Phishing: These attacks use emails, websites, web ads, SMS or videos to prompt their victims to act. They can also appear to be from companies like banks or government agencies, or departments within a victim’s company, such as IT, HR or finance.
  • Baiting: These attacks engage their targets with alluring offers, like free items, in an attempt to retrieve sensitive information that has likely been used on other websites. This also includes flash drives that are engineered to log keystrokes and store inputs like passwords once plugged into a computer.
  • Quid Pro Quo: Like baiting, it targets individuals, but specifically with an offer to pay for a service. An example would be a malicious actor pretending to be an academic researcher who will pay for access into the corporate environment.
  • Tailgating: Only possible in person, this is where attackers infiltrate a building by asking an employee to hold the door open for them whilst appearing important. This can involve wearing uniforms or outfits that arouse the least suspicion.

Preventing and Mitigating Social Engineering
To prevent social engineering attacks, a few considerations are best to take: hover over links to check where they lead and avoid opening attachments from unknown and untrustworthy senders; do not provide sensitive information such as account details, date of birth, or anything relating to financial data; and verify the legitimacy of websites and requests to ensure that your safety is at a professional standard.