Cybersecurity 101: What Is Social Engineering?

October 23, 2019
Mark Guntrip

In the cybersecurity industry, we use a lot of buzzwords and acronyms, which, while helpful at times, can also confuse our meaning.

To promote clarity, we are kicking off our Cybersecurity 101 blog post series, which will help set a standard for cybersecurity term definitions. We'll begin with social engineering: what it is, how it works, and how you can protect yourself against it.

What is social engineering?

Social engineering is a type of attack where scammers trick people into giving them access to sensitive information through a combination of manipulation and human.

Social engineering techniques, including phishing, in-person attacks, phone calls, and more, take advantage of a victim's trust to evade perimeter defenses, steal data, and access private networks. While social engineering is easy to define, these attacks typically aren't easy to recognize in real time.

How does social engineering work?

Attackers are experts and know how to earn your trust, hijacking your typical thought process to make you cooperate on their behalf. These interactions can seem so routine that you may not realize your mistake even after the crime has been committed. Social engineering can range from a malicious link in an email to a "friendly" visitor in the office.  

Instead of finding the key, it is easier for criminals to ask someone to hold the door. For example, let's say you get a call from Joe Smith, who says he works in IT at your company and needs to initiate a new software update on your computer. He mentions your manager has put in the request for you. Joe needs your login password to start this update, so you give it to him over the phone. Later, you find out your computer has been hacked and someone has been sending emails on your behalf. Joe did not work for your company; he used social engineering, through his conversational tone, to manipulate you into thinking he did.

How can you protect yourself?

Socially engineered attacks are centered on people, not technology. Individuals should be trained to recognize and report attempts that get through.

To help you and employees at your company avoid social engineering attacks, check out our customizable training materials.