Welcome to our What is… series,
where we turn technical jargon into plain English.
It’s a key part of criminal activities, often an important step in phishing campaigns. But what is social engineering, exactly?
Social engineering is the act of manipulating people into taking a specific action for an attacker’s benefit. You might think it sounds like the work of a con artist – and you’d be right.
Since social engineering preys on the weaknesses inherent in all of us, it can be quite effective. And without proper training it’s tricky to prevent.
If you’ve ever received a phishy email, you’ve seen social engineering at work. The social engineering aspect of a phishing attack is the crucial first step – getting the victim to open a dodgy attachment or visit a malicious website.
Crooks have a lot of weapons in their social engineering arsenal to get recipients to take action, including:
- Creating a sense of urgency, perhaps by setting a deadline for action
- Impersonating someone important such as your company’s CEO
- Mentioning current events to make messages more authentic
- Obscuring malicious URLs to make them look legitimate
- Offering an incentive like a payout or a promotion
Phishing can’t work unless the first step – the social engineering – convinces you to Read more