Special | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | ALL
Social engineering is the use of deception to exploit human nature, our habits and our trust to gain information or access information systems. Threat actors attempt to drive desired behaviour through fear including fear of missing out, intimidation, coercion, urgency, opportunity or even befriending the user.
Information sought by threat actors for fraudulent purposes can include:
How is it successful?
Social engineering attacks are successful because they exploit human nature while skirting typical cyber security defences.
These attacks are particularly insidious because they are stealthy and are often well established before becoming apparent.
Threat actors do their homework. They target people who are less likely to check before taking the requested action. In other words, they target people who are easier to manipulate.
Are you an easy target? If you receive an email from a leader in your organization asking you to complete a task quickly, would you take the time to scan the message for signs of a social engineering attack? And would you feel comfortable following up to confirm the authenticity of the request before taking any other action?
The threat actor is looking to collect enough information to infiltrate an organization's network or your financial accounts.
To be successful, the cyber threat actor merely needs to get the individual to do what is requested of them. Unfortunately, because these attacks rely on our curiosity, insecurity or trust to gain access, they tend to be very successful.
Social engineering tactics
Knowing how threat actors can use you to gain access to information and systems is critical.
Tactics and techniques used in social engineering attacks include: