It involves manipulating people in order to gain unauthorized access to systems or data. Rather than actually hacking into a program, attackers deceive their targets into revealing the information themselves.
Example: A scammer claims to be from IT support and asks an employee of the organization to provide their login information because of an emergency. Taking the caller at their word, the employee hands over the information, unknowingly giving the attacker access.
Types of social engineering attacks include:
Pretexting: Deceiving people into trusting a fabricated scenario.
Baiting: Offering something that appears valuable (such as a free flash drive) but contains a virus.
Tailgating: Closely following another employee into a locked area without being authorized to enter.
Real-world case: In 2020, cybercriminals carried out the world’s largest crypto heist after gaining access to Twitter employee accounts through social engineering.
Prevention Tips:
Educate employees about the different types of social engineering attacks.
Ensure that strict verification is maintained for requests for sensitive information, such as login details.
Secure important accounts with employer and personal identification numbers and other forms of identification.
Tip: Remember that the end user is the primary attack vector in virtually all cyber attacks. The fifth best practice is to always question frantic calls, no matter their source or urgency.