Know Their Techniques - The cyber criminals.

Social engineering is a manipulation technique that cybercriminals use to trick people into giving up confidential information. It relies on the basic human instinct of trust to steal personal and corporate information that can be used to commit further cyber-crimes.

Social engineering is hard to defend against because human beings are unpredictable. There is no way of knowing who will fall for a social engineering attack. Cybercriminals hope to catch the victim off-guard when they forget to remain alert to cyber-attacks.

Social Engineering Scenario

Social engineering happens because of the human instinct of trust. Cybercriminals have learned that a carefully worded email, voicemail, or text message can convince people to transfer money, provide confidential information, or download a file that installs malware on the company network.

Savvy cybercriminals know that social engineering works best when focusing on human emotion and risk. Taking advantage of human emotion is much easier than hacking a network or looking for security vulnerabilities.

Consider this example of spear phishing that convinced an employee to transfer $500,000 to a foreign investor:

Thanks to careful spear phishing research, the cybercriminal knows the company CEO is traveling.

An email is sent to a company employee that looks like it came from the CEO. There is a slight discrepancy in the email address – but the spelling of the CEO’s name is correct.

In the email, the employee is asked to help the CEO out by transferring $500,000 to a new foreign investor. The email uses urgent yet friendly language, convincing the employee that he will be helping both the CEO and the company.

The email stresses that the CEO would do this transfer herself, but since she is traveling, she can’t make the fund transfer in time to secure the foreign investment partnership.

Without verifying the details, the employee decides to act. He truly believes that he is helping the CEO, the company, and his colleagues by complying with the email request.

A few days later, the victimized employee, CEO, and company colleagues realize they have been victims of a social engineering attack and have lost $500,000.
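The scenario above has three signals a mail filter can check before a person ever has to: an executive's name on an address that is not theirs, a request to move money, and urgent wording. The following is an added example, not part of the original article; the executive directory, addresses, keyword lists and thresholds are all constructed assumptions.

```python
from email.utils import parseaddr
import difflib
import re

# Constructed directory: executive display name -> the one address they really use.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice|bank details)\b", re.I)
URGENCY = re.compile(r"\b(urgent|today|immediately|asap|in time|right away)\b", re.I)

def normalize(name):
    # Collapse case, punctuation and spacing so "Jane  DOE" matches "jane doe".
    return " ".join(re.sub(r"[^a-z ]", " ", name.lower()).split())

def assess(from_header, body):
    """Return (verdict, reasons) for one message: pass, warn or hold."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    real = EXECUTIVES.get(normalize(display))
    if real is None or addr == real:
        return "pass", []  # not an executive's name, or the genuine address
    reasons = ["executive display name on an unknown address"]
    # A near-identical address is the "slight discrepancy" case from the scenario.
    if difflib.SequenceMatcher(None, addr, real).ratio() >= 0.85:
        reasons.append("address is a lookalike of " + real)
    if PAYMENT.search(body):
        reasons.append("payment request")
    if URGENCY.search(body):
        reasons.append("urgency wording")
    # Name mismatch alone earns a banner; stacked signals hold the mail for review.
    return ("hold" if len(reasons) >= 3 else "warn"), reasons

if __name__ == "__main__":
    # Constructed sample messages (the digit 1 replaces the letter l in the first).
    samples = [
        ('"Jane Doe" <jane.doe@examp1e.com>',
         "I am traveling. Please transfer $500,000 to our new investor today."),
        ('"Jane Doe" <jane.doe@example.com>', "Please transfer the funds today."),
        ('"Jane Doe" <ceo.office@mail.test>', "Lunch next week?"),
    ]
    for sender, text in samples:
        print(sender, "->", assess(sender, text))
```

A "hold" verdict is the point at which the request should be confirmed with the executive through a separate, already-known channel before any money moves.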

