What is social engineering?
Social engineering is any act that influences a person to take an action that may or may not be in their best interest. Essentially, it's tricking people into doing something or revealing confidential information. It’s often done as one step in larger fraudulent schemes.
Social Engineering uses many techniques
A Social Engineering attack will usually include the use of many of the techniques simultaneously:
- Phishing, in the form of emails, phone calls or SMS that trick the victim into disclosing confidential information.
- Baiting, which takes advantage of your natural responses of curiosity, caring and greed. Victims may be enticed into believing they will either get something for free or be helping someone else.
- Pretexting, where the attacker has a believable 'story' to fool the victim. The story includes real information about the victim which the attacker has already researched – this means the victim is more comfortable in revealing even more information.
- 'Quid pro quo'. The victim is tricked into doing something for the attacker in the belief that there will be a benefit to them in return.
- Tailgating, where someone gains access to a secure location by simply following an authorised person through the door.
- Diversion theft, where courier or delivery companies are tricked into delivering a package to somewhere else.
What are the dangers?
- Financial loss
- Identity theft
- Getting locked out of your email, bank account or other essential online services
- Your credit history may be adversely affected