
What Is Social Engineering?


It was found in 2021 that over 70% of all data breaches were due to social engineering!

 

What Is It?

Social engineering is a very common cyber-attack that relies on human error rather than vulnerabilities within your IT. One definition of social engineering is “manipulating people into handing over confidential information such as a PIN or password”. Research has shown that cybercriminals use social engineering in 98% of attacks; therefore, the best way to minimise your chance of becoming a victim is through education. Cybercriminals will build trust or impersonate an entity so that the victim hands over confidential information. Social engineering can be very dangerous for individuals and companies alike, due to the amount of money or data that can be stolen. These kinds of scams can take place through:

  • Online communication
  • Phone calls
  • In-person contact

 We are going to talk about different types of social engineering so you can understand what social engineering is and how to protect yourself from it.

 

Baiting

The first type of social engineering we will talk about is baiting. Baiting gets its name because cybercriminals dangle something desirable in front of the victim in the hope that they will fall for it. This can take place through a variety of methods, including:

  • Physical objects – cybercriminals can leave infected flash drives and USB devices near the workplace, with labels such as ‘confidential’, in the hope of sparking employees’ curiosity. Once a staff member connects one to their device, it can install malware which can infect the devices and servers of the workplace. This can then give cybercriminals access to valuable information or can spread a virus, preparing the cybercriminal to complete a cyber-attack.
  • Downloadable content – a cybercriminal can encourage an employee to download media that is infected with malware to their work device; this can infect the whole work system, including other devices and servers. As with physical objects, the malware will give cybercriminals access to all the data on the victim’s computer.
  • Links – finally, cybercriminals will bait employees through emails and messages saying they are the lucky winner of __ or that they have been chosen for the opportunity to __. Once the employee clicks on the malicious link, it will infect the computer and leave all of the data on the device vulnerable to the cybercriminal.

 

Scareware

As the name suggests, scareware is a type of social engineering which scares the victim into taking action on something quickly! The cybercriminal takes advantage of the victim’s fear to get them to install software that isn’t what they need and actually contains malware. The victim could receive messages such as ‘you must act now to get rid of viruses and malware’. In addition to this, the victim could click on a pop-up or banner that contains malware, so always be wary of what you are clicking on online.

Scareware is also known for holding the victim’s data hostage, once they have downloaded the software, in exchange for a pay-out. The issue with paying is that the attacker has already been able to access everything, so we would never recommend paying to get back what you have lost.

The malware which infects a device can access all your data and allow the cybercriminal to hold it hostage. It can also install spyware, which allows the cybercriminal to keep watch over everything you do on that device. Finally, the malware can take up all of the storage on the device and take over the victim’s resources with adware.

Signs to look out for include:

  • Imitated logos of legitimate programs and businesses
  • A progress bar saying your device is being ‘scanned’
  • Flashing red images
  • Fake screenshots of files on your device

 

Pretexting

Pretexting is a type of social engineering where a fake story is designed to grab the victim’s attention and persuade them into engaging with the message. Once the attacker has immersed the victim in the story, they will attempt to trick the victim into handing over valuable information.

These attacks are effective if the attacker is able to build trust and trick the victim into believing they are who they say they are. The attacker could choose to impersonate someone the victim is close to, such as a co-worker, family member or friend, or a business that has the right to ask you for particular information. For example, they could impersonate your bank and tell you that your account has been temporarily suspended and that to fix this you must provide the relevant details.

If the cybercriminal is attempting to fool a big target, they will need a much bigger and more believable story in order to gain the sensitive information that they are after. To do this, the scam artist will go through your social media accounts, look at what you engage with, and see whether they can find any immediate family members; this enables them to build a profile on you, which helps them take a more targeted approach.

In extreme cases they could even find where you live and follow you in person, although this is quite unlikely. It should be noted, however, that these attackers will do anything they can to get the information they want, and you should always be wary of how much of your personal life you share online.

The attack aims to get access to:

  • Accounts
  • Data
  • Financial information
  • Networks

 

Phishing

The final and probably most common form of social engineering we will address is phishing. In 2020, it was found that 75% of companies worldwide were victims of phishing. Cybercriminals target their victims through a variety of communication methods, including email, telephone and text message. Typically, they will pose as a legitimate institution so that the target will be willing to hand over details such as personally identifiable information, banking details and passwords.

96% of phishing attacks use email, which means that this is an element of social engineering you should definitely focus on within the workplace, and you should ensure training is done on it. Phishing emails can be used to target any size and type of organisation. The attack on your business could be a cybercriminal trying to collect new passwords or make some easy money; alternatively, it could be a targeted attack where the attacker is attempting to steal your business’s sensitive data.

Once a hacker has found a point of entry into the business’s data systems, they will gain access to important accounts, which is likely to result in identity theft and financial loss for your business. Email attacks can allow cybercriminals to do a range of harm, including installing malware, sabotaging systems, and stealing data and money.

It is important to understand what to look out for; this includes:

  • Messages which appear too good to be true
  • A sense of urgency has been created
  • They expect you to click on a link
  • There are attachments within the email that you are not expecting
  • It is from a sender you are not expecting to hear from
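
For mail administrators, the five signs above can be turned into a simple triage check. The following is an added example, not part of the original article: the phrase lists, the `KNOWN_SENDERS` allowlist and the sample messages are constructed assumptions, and an attachment is flagged whenever one is present because code cannot know what the recipient was expecting.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical allowlist and phrase lists (assumptions); tune them for your organisation.
KNOWN_SENDERS = {"payroll@example.com", "it-support@example.com"}
TOO_GOOD = re.compile(r"\b(lucky winner|you have won|been chosen|prize)\b", re.I)
URGENCY = re.compile(r"\b(act now|immediately|urgent|suspended)\b", re.I)
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)

def phishing_signs(raw_email, known_senders=KNOWN_SENDERS):
    """Return which of the article's five warning signs a raw message shows."""
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    # Any attachment counts: "unexpected" is for the recipient to judge.
    has_attachment = any(True for _ in msg.iter_attachments())
    checks = [
        ("too good to be true", bool(TOO_GOOD.search(text))),
        ("sense of urgency", bool(URGENCY.search(text))),
        ("asks you to click a link", bool(LINK.search(body))),
        ("attachment present", has_attachment),
        ("unexpected sender", sender not in known_senders),
    ]
    return [name for name, hit in checks if hit]

def build_sample(sender, subject, body, attachment=None):
    """Build a constructed test message (not real mail) as raw text."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "staff@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    lure = build_sample("Prize Team <rewards@prizes.example>",
                        "You are our lucky winner",
                        "Act now to claim your prize: http://prizes.example/claim",
                        attachment="claim_form.zip")
    print(phishing_signs(lure))
```

A message that trips several signs at once is a good candidate for quarantine or a warning banner; a single sign on its own, such as a link, is common in legitimate mail.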

 

If your business would like further support or guidance, contact us today:

Contact Us | Workplace Connect
