What is Social Engineering:

There are two ways to steal anything — you either take it yourself or you get someone else to give it to you. Social engineering is a broad umbrella term for any tactic designed to exploit and manipulate trust so that the victim hands the attacker what they want: access to information, accounts, or computers inside a secured area. Think fake customer service calls designed to reset passwords or a criminal spoofing your CEO’s email address and asking someone in finance to send an urgent wire transfer — a type of scam referred to as a business email compromise (BEC).

What makes protection a challenge:

Everyone — repeat, everyone — can be conned, defrauded, fooled, or manipulated. Vulnerability sometimes comes down to a lack of training or experience, but more often it comes down to distraction and mental fatigue. Since this attack targets people directly, there’s very little that technical safeguards can do, especially if the requested action falls within the employee’s typical responsibilities or usual behavior, like resetting a password for a desperate user (a typical tech support con).

