Most people think of hacking as using malware and coding to bypass security defenses and steal data or money. Social engineers take a different approach, targeting the human instead of the software to achieve their goals.
How Social Engineering Works
Social engineers take advantage of knowledge of human behavior to perform their attacks. A person’s biases, assumptions, beliefs and more can allow an attacker to trick them into doing something that is in the attacker’s interests. The field of social engineering is based on psychology and acting.
Research by Robert B. Cialdini identified six principles of influence under which people are more likely to comply with a request:
- Authority: the request comes from someone who appears to hold a position of authority
- Liking: the requestor is likable or shares interests, beliefs and attitudes with the target
- Reciprocity: the requestor gives or promises the target something of value in return for their help
- Commitment and consistency: the request is made on behalf of a cause or position the target has publicly endorsed
- Social proof: complying with the request appears to be in line with what others are doing
- Scarcity: the requestor offers something in short supply or available only for a limited time
Social engineers are aware of these human biases and take advantage of them in a variety of ways. Social engineering attacks commonly involve:
- Pretexting: Inventing a scenario and masquerading as someone the target has reason to trust
- Baiting: Dangling something the target wants, such as a free download or a planted USB drive, that actually delivers the attacker's payload
- Blackmail: Threatening to reveal something that the target wishes to be kept secret
- Quid Pro Quo: Offering a service or favor, such as posing as IT support, in exchange for the target's help
Whatever the technique, the common thread is exploiting how people think rather than how software works. By targeting the human element, social engineers sidestep defenses built to stop “conventional” hacking and so raise their odds of a successful attack.
Types of Social Engineering Attacks
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/pF6CDD5dasc/

