Social Engineering

Organizations are under cyber threat from threat actors including cyber criminals, hacktivists and nation state agents. While all organizations should have strong defences that help prevent cyber attacks, threat actors have tactics, techniques and procedures designed to evade these defences. A primary method of attack uses social engineering.

Obtaining Information Through Social Engineering

What is social engineering?

Social engineering is the use of deception to exploit human nature, our habits and our trust in order to gain information or access information systems. Threat actors attempt to drive desired behaviour through fear including fear of missing out, intimidation, coercion, urgency, opportunity or even befriending the user.

Information sought by threat actors can include:

  • Confidential information, such as passwords and login credentials
  • Personal information, such as bank information

Identifying & responding to social engineering attacks