Social engineering crossword puzzle cybersecurity concept flat design illustration id653513376 %281%29

The Big Three: Knowing the common tactics of Social Engineering

Social engineering is the practice of preying upon and manipulating human emotion in order to receive sensitive information for fraudulent usage. As technology advances, the tactics used by hackers also gain headway because they know the best way to obtain your information isn’t through hacking and cracking— it is getting you to let them in.  All it takes is one action from an end-user, i.e. you, to compromise your privacy. Knowing what the three main categories of social engineering are (digital, in-person, and phone) along with some basic security training, you can avoid the dangers of social engineering.


DIGITAL: Remember the urgent email you received that required a password reset? It could have been an attacker “Phishing” for your information. Phishing emails are the most common type of social engineering. Digital attacks use email or text that trick you into taking action, like opening an infected attachment or clicking on a malicious link. Once you reveal your password on a falsified weblink, the hacker will use your password to gain access to your account and companies information. 


IN-PERSON: Also known as Tailgating, hackers gain access by hacking humans. Through face to face interaction, a tailgater will insert themselves into a work environment gaining trust from employees while posing as a colleague. Once they are accepted as an employee, they find a physical workstation or network connection and infiltrate the companies network. An example of how this can be done is through a USB attack— a drive appears via mail or as a lost drive and once the hacker plugs into a device, the system and data are compromised. 


PHONE: Similar to phishing, vishing (voice phishing) and smishing (SMS/text phishing) are tactics that play off of creating a sense of emergency requiring action from an end-user. Vishing is a phone call based on social engineering in which a hacker calls you with a pre-recorded message that claims to be a support representative who has identified a problem with your account and urges you to call a fake customer support number. They may ask you for sensitive information like credit card information, social security numbers, date of birth, or security pins. Using this information the hacker can compromise your accounts. Smishing is a form of phishing through text messages. The text message will ask you to call a number or click on a link. Links can even contain some of your bank info to seem more realistic. 


The one thing that these categories of Social Engineering all have in common is that they require end-users in order to be successful. Thoroughly understanding the tactics of Social Engineering and learning how to read the red flags will help avoid the malicious outcomes hackers have planned with your private and sensitive information.

Privacy Policy | Terms of use

© 2019 Cingo Solutions. All rights reserved.

Cingo bg1 Cingo bg2 Cingo technician Contact Email Evaluate Fs1 Hc1 Implement Maintain Network Np1 Ps1 Surround Server Shield Surround Surround1 Surround2 Surround3 Surround4 Wydk