Social engineering presents a cybersecurity threat to individuals and businesses. Learn what’s involved and how to keep your data safe.
Social engineering is a manipulation technique used to deceive individuals or groups into giving up sensitive information or granting unauthorised access to resources. Since most humans like to help, this cyberattack targets human vulnerabilities rather than technical vulnerabilities, using psychological tactics to exploit people's curiosity or impulse to trust.
Falling victim to social engineering could lead to unauthorised access to data, identity theft, financial loss, or compromised network security. Read on to learn how to protect important data from this threat.
To combat social engineering, question suspicious or unsolicited emails, calls, or visits. Be sceptical before providing personal, sensitive, or proprietary data. Educate yourself about security awareness. If the person contacting you is using an urgent or emotional appeal, think twice. Enable strong security controls such as two-factor or multi-factor authentication to make it more difficult for social engineers to get into your accounts with their illicitly gained information.
Almost every type of cybersecurity attack has some traits of social engineering. The following are some common methods that attackers use:
Phishing: Attackers send deceptive emails or messages to persuade you to click on a link, download a malicious file, or provide sensitive data.
Smishing: Bad actors use messaging, such as texting or WhatsApp, to get you to send payments, download attachments, or provide personal information.
Spoofing: Cybercriminals create websites that look like they belong to legitimate organisations to trick you into revealing sensitive information.
Baiting: Leaving physical or digital devices, such as infected USB drives, in strategic locations to tempt individuals into using them. You’re trying to help get that device back to its owner, but you unknowingly grant access or compromise your systems.
Pretexting: An attacker uses an alternative persona to entice you to disclose data or access credentials. Often, they will appear to be authority figures, such as the Indian Revenue Service (IRS) or a business supervisor.
Tailgating: Someone gains unauthorised entry to a restricted area in a physical location, such as a building, by following closely behind a person who has access. The individual might appear as a repair person, or they might come up with their hands full of balloons and a cake and ask you to hold the door open for them.
Quid pro quo: Offering something of value, such as a gift or service, in exchange for personal information or access to systems. When you see something too good to be true—say free Apple products—don’t fall for this type of social engineering. Someone offering you IT support in return for your access information is another common version of quid pro quo.
A social engineering attack might mark the inception of a more extensive cyber assault. Get cyber-ready and take the next step towards a career in cybersecurity by enrolling in the Google Cybersecurity Professional Certificate on Coursera. This certificate is your gateway to exploring job titles like security analyst, SOC (security operations centre) analyst, and more. Upon completion, you’ll have exclusive access to a job platform with over 150 employers hiring for entry-level cybersecurity roles and other resources supporting your job search.
Editorial Team
Coursera’s editorial team is comprised of highly experienced professional editors, writers, and fact...