Social Engineering

Sourced by: Canadian Centre for Cyber Security

Threat actors often impersonate a known person, a reputable organization or vendor, or even a government employee. They may try to influence users into doing something which gives them access to your environment, such as changing an account password. With this information, threat actors can steal your organization’s business and financial information, access user accounts, and potentially deploy malware .

Anyone can be a target of a social engineering attack, from an individual employee to the CEO of your organization. Knowing how to identify and safeguard your employees from social engineering attacks is crucial in protecting your organization’s network, systems, and data.

How does social engineering work?

Social engineering attacks are also referred to as “human hacking” since threat actors leverage information they’ve found on the Internet and social media platforms to target individuals and organizations. Threat actors use this information as bait to lure or trick users into disclosing information about their accounts, passwords, and even system access within your organization. Threat actors use psychological techniques to evoke an emotional response to pressure users into completing a task or use attention grabbing titles to get users to click on malicious links.