Social engineering has emerged as one of the most successful attack vectors in recent times. Advances in IT security have made it increasingly difficult to hack into a well-guarded enterprise. Network defenses, encryption and smarter detection have forced attackers to look for easier targets, which increasingly means the soft underbelly represented by employees.
A social engineering attack, targeting the human factor, is typically carried out by an external assailant who deliberately manipulates an employee’s good intentions (i.e. their willingness to assist) or general curiosity, for example by enticing them to click on a link in an email that leads to a malicious website.
Tailgating – The social engineer closely follows employees into secure areas before the door has closed.
Pretexting – A social engineer convinces an employee, in person or by phone or email, to hand over confidential information by impersonating someone else.
Phishing – Sending an email which is disguised to appear as though it comes from a legitimate source and encourages the target to activate the attached malicious file or click on a link that directs the victim to a website hosting malicious code or requesting personal details.
Baiting – This is where a social engineer leaves infected USB keys or other media in common areas such as lunch rooms, parking lots or foyers for employees to pick up and insert in their computers.
RMCyberethics welcomes the opportunity to discuss and design a customized social engineering engagement to assess your organization's ability to defend itself against this type of attack method. Addressing the human factors in cyber security that affect your organisation can improve overall cyber resilience.