Elaine’s Security Minute: What Is Social Engineering?

Social engineering has been around for as long as humans have been able to communicate with one another. Basically, it is a con. In cybersecurity terms, it is a game plan designed to trick you into giving out information sought by the attacker, such as the login information for your email account. Social engineering attacks are on the rise, and in 2021, they accounted for 85% of all attacks.

There are several different types of social engineering, but we will focus on the ones an individual is most likely to encounter:

  1. Phishing – This is an email that is designed to appear to come from a trusted source. This could be someone you personally know and email with on a regular basis, or it could be a business that you frequently use, such as Amazon or your bank. Some phishing emails are designed to make you think you are getting a large sum of cash, some are designed to get you to click on a link that will download malware onto your computer, and some are designed to get you to give out your username and password to an email account or another account. This is the largest type of social engineering attack being seen today.
  2. Vishing – This is a social engineering attack over the phone. Caller ID can be spoofed just as easily as email, so be aware that the name you see pop up on your Caller ID might not be who you think it is. A good rule of thumb is to never answer a call from a number you do not recognize. If it is important, they will leave a message.
  3. Smishing (SMS Phishing) – This is a social engineering attack using text (SMS) messaging. If you receive a text with a link to click, you will need to verify its legitimacy before clicking. Most of the time, the link will download viruses and/or malware onto your mobile device. Also, be wary of group texts. They are designed to trick you into opening the text and possibly downloading content onto your device.
  4. Baiting – This is a social engineering attack designed to lure you into providing sensitive information with the promise of something of value for free, such as a gift card. As someone once said, “There is no free lunch.” Be extremely cautious with any offers like this.

With the technological advances of firewalls and anti-virus and anti-malware software, criminals are resorting to the old-fashioned con in order to get the information they desire. Today, information is a valuable commodity, and you need to take steps to protect it!

By Elaine Rouse