Social engineering is currently one of the most dangerous cyberthreats to businesses and individuals. In fact, Forbes listed these types of cyberattacks as the greatest digital threat in 2013. By preying upon the basic human proclivity to trust, hackers can gain access to confidential information and steal it. In the webinar “Human Hacking: The Art of Social Engineering,” the National Cybersecurity Institute stated that “people are your biggest security vulnerability.” On various technology websites, IT professionals listed phishing attempts, baiting tactics and pretexting as the main types of social engineering. It is important for employees and individuals to receive adequate cybersecurity training so that they can identify these forms of social engineering and avoid becoming the victims of costly cybercrime.
Phishing is the most common form of social engineering, as reported by Tripwire. These attacks occur when a hacker presents himself or herself as a genuine entity, often a school, company or financial institution. According to Security Week, some cybercriminals go so far as to duplicate the websites of these institutions to lend credibility to their cover stories. The hacker then attempts to make contact with the potential victim through a digital medium. These messages, whether they are emails or social media chats, commonly include requests for donations to fake charities or invitations to visit a specific website to claim prizes. Once the victim acts on the message’s call to action, whatever it may be, the hacker gains access to the target’s computer or phone through malware and spyware and is then able to extract the victim’s personal information. Microsoft suggested that phishing attempts may be easier to spot than other types of social engineering, as most messages contain spelling, grammar or syntax errors.
Baiting differs from phishing in that it is an enticement rather than a request. Hackers present a desirable product or service in order to steal personal information. According to Webroot, baiting has grown more dangerous since the introduction of Internet video streaming and peer-to-peer sites. Many people fall victim to baiting cyberattacks after filling out a form to gain access to free online music, movies and television downloads. The forms may provide the option to log in using social media accounts, giving the cybercriminals full access to the information stored on those sites.
When a hacker’s cyberattack is based upon establishing legitimacy and developing trust, it is called pretexting. SC Magazine described one style of pretexting in which a hacker poses as an individual employed by the business he or she is trying to infiltrate. Often digitally disguised as an externally contracted IT worker, the hacker requests system login information to complete a service request. Once the individual has gained the victim’s trust, he or she is able either to pilfer confidential information from the company or to deploy harmful malware.
Social engineering is the most common type of cyberattack in today’s digital landscape, and it is often the most successful because it targets human vulnerabilities. Even companies with a seemingly impenetrable defense system in place are susceptible to attack, as this criminal tool exploits human behavior. It is important for organizations to have individuals trained to identify and eliminate these threats.
Visit the National Cybersecurity Institute’s website now to learn about how to start your career as a cybersecurity professional and become the first line of defense against cyberattacks like social engineering.