Social Engineering video accessible version
Social engineering is the act of manipulating someone into divulging information or performing a specific action that can compromise an organization or its computer systems.
Social engineering attacks typically happen in several steps.
First, the threat actor investigates the target and gathers background information, such as organizational hierarchy and trusted contacts.
Second, the threat actor initiates contact with the victim, encouraging them to reveal sensitive information or grant access to critical resources.
Social engineering is a common tactic because it is easier to rely on human error than it is to find system vulnerabilities.
Threat actors will often use social engineering tactics as a first step in a larger campaign to infiltrate a system, steal sensitive data, or disperse malware.
Phishing is one of the most used social engineering attacks.
Phishing emails create a sense of urgency or fear, typically by requesting an immediate reaction by the recipient.
Often, these emails are sent from fake accounts that closely mimic the victim’s supervisor. Phishing emails lure their victims into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.
You can avoid social engineering attacks by always checking the domain name of the sender’s email address, using multi-factor authentication, never sending personal information via email, and checking with a member of your organization for confirmation if you are unsure.
Thank you for watching.
For more information on social engineering and how to stay cyber safe, visit cybersecurityontario.ca.