What is Social Engineering?

The meaning of social engineering

Social engineering is a form of manipulation whereby attackers utilise human psychology to deceive and persuade individuals to disclose confidential information, grant access to systems, or perform certain actions detrimental to the organisation's security. Social engineering is also referred to as "human hacking."

The goal of social engineering is to exploit the weakest link in security, human behaviour, rather than a technical flaw. The prize can be a password or banking details, but also access to a system or an action the victim performs on the attacker's behalf. Cybercriminals obtain it by posing as helpful and trustworthy.

Why do criminals use social engineering?

Criminals prefer social engineering because it is often easier to deceive someone than to crack a password themselves. They leverage emotions such as fear, urgency, or respect for authority to achieve their goals. Levers that criminals often pull include:

  • Threatening with business or personal consequences;
  • Time pressure (direct call-to-action);
  • Helpfulness, gullibility, and curiosity of employees;
  • Projecting authority.

What social engineering methods are used?

Examples of social engineering attacks include:

  • Email phishing: An e-mail that impersonates a trusted sender to lure the recipient into handing over personal information, bank or login details, or other sensitive data; the name comes from "fishing" for that data.
  • Phishing by telephone, also known as voice phishing or vishing: A social engineering technique in which a criminal manipulates someone over the phone into giving up confidential information or performing certain actions.
  • A mystery guest: A criminal attempts to physically enter the organisation's premises, for example by walking in behind an employee, with the aim of reaching sensitive data or systems.
  • USB dropping: Criminals leave infected USB flash drives where employees will find and plug them in; the drive delivers malware that gives access to computer systems and (sensitive) information.

Other examples include deceiving people by impersonating someone with authority and creating a false sense of urgency. From our own experiences, we know how alarmingly effective it is to manipulate someone with the use of social engineering.
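The e-mail phishing method above leaves technical traces that correspond to the levers listed earlier (threats, time pressure, authority): a display name that claims a trusted organisation while the address belongs to another domain, a Reply-To that diverts answers elsewhere, pressure wording, and link text that shows one host while the link points to another. The following Python script is an added example and not Awaretrain's code; the KNOWN_BRANDS lookup, the PRESSURE_PHRASES list and both sample messages are constructed for it.

```python
"""Heuristic triage of a suspected phishing e-mail (added example, not the page's own code).

Flags the indicators social-engineering mail typically relies on:
  * display name claims a known organisation but the From address uses another domain
  * Reply-To domain differs from the From domain
  * threat, urgency and authority wording in subject or body
  * link text shows one host while the href points to another
KNOWN_BRANDS, PRESSURE_PHRASES and both sample messages are constructed for this example.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lookup: organisations an attacker might impersonate -> their real domain.
KNOWN_BRANDS = {"acme bank": "acmebank.example"}

# Constructed phrases matching the levers named on the page: threats, time pressure, authority.
PRESSURE_PHRASES = (
    "immediately", "within 24 hours", "your account will be suspended",
    "urgent", "final notice", "on behalf of the director",
)


class _LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def analyse(raw: bytes) -> list[str]:
    """Return human-readable indicators found in a raw RFC 5322 message (empty list if none)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    name, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = _domain(from_addr)
    for brand, real_dom in KNOWN_BRANDS.items():
        if brand in name.lower() and from_dom != real_dom and not from_dom.endswith("." + real_dom):
            findings.append(f"display name '{name}' claims {brand} but sender domain is {from_dom}")

    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append(f"Reply-To domain {_domain(reply_addr)} differs from From domain {from_dom}")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    haystack = (str(msg.get("Subject", "")) + " " + text).lower()
    hits = [p for p in PRESSURE_PHRASES if p in haystack]
    if hits:
        findings.append("pressure wording: " + ", ".join(hits))

    if body is not None and body.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(text)
        for visible, href in collector.links:
            shown, target = _host(visible), _host(href)
            # Compare only when the link text itself looks like a URL; "click here" is not a mismatch.
            if shown and target and shown != target:
                findings.append(f"link text shows {shown} but points to {target}")
    return findings


# Constructed sample messages: one phishing attempt, one legitimate notification.
SAMPLE_PHISH = b"""From: "Acme Bank Security" <alerts@acme-secure-notify.test>
Reply-To: verify@mailbox-relay.test
To: j.doe@company.example
Subject: URGENT: your account will be suspended within 24 hours
Content-Type: text/html; charset=utf-8

<html><body><p>Dear customer, confirm your details immediately:
<a href="https://acmebank.example.login-check.test/verify">https://acmebank.example/verify</a></p></body></html>
"""

SAMPLE_BENIGN = b"""From: "Acme Bank" <statements@acmebank.example>
To: j.doe@company.example
Subject: Your monthly statement is available
Content-Type: text/plain; charset=utf-8

Your statement for last month is ready in online banking.
"""

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, analyse(raw) or ["no indicators"])
```

These checks are heuristics for triage by a reader or a simple filter, not a replacement for sender authentication (SPF, DKIM, DMARC); a well-crafted message can avoid all four indicators, which is why the page's emphasis on trained, sceptical employees still applies.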

Social engineering on the rise. What does it mean for organisations?

The increasing trend in phishing and deception by cybercriminals requires extra vigilance from organisations. The challenge is clear: making employees aware that they are on the front line when it comes to defending against cybercriminals. Periodic training keeps that knowledge at a high level and significantly reduces the chance of a successful cyber attack.

Start with security awareness training

Prevention and awareness on social engineering

To prevent social engineering, provide security awareness training regularly and build a culture in which suspicious activity is reported and security procedures are followed. Everyone in the organisation should know how to respond when something suspicious happens, so that social engineering attempts are identified quickly and handled correctly, limiting consequences that can otherwise be significant.

Are you curious whether your colleagues are susceptible to manipulation? Then try a phishing simulation. Such simulations are essential to measure actual behaviour and are indispensable in an ongoing security awareness campaign.

+31 (0)88 018 16 00 info@awaretrain.com