Social engineering

We often imagine that hacking is done by people with highly advanced computer skills. Although this can be true of some cyberattacks, many hackers don't rely on advanced computer skills at all, but instead prey on people's trust or fear.

Social engineering is a collective term for many different ways of manipulating people in order to compromise a system.  Computer systems can be secured by a variety of technical means, but none of those precautions will matter if the people who use the system do not observe secure practices.

It's important to understand social engineering because it is often easier for a hacker to manipulate people into insecure practices than it is to directly attack a system.

There are many social engineering tactics, but the basic idea is the same for all: a hacker will pretend to be someone they are not, and will try to trick or bully someone into giving away sensitive information that the hacker needs to carry out their attack.

Training, common sense, and a little skepticism are the best defence against social engineering. Sensitive information should never be given out. Legitimate organizations should never ask for passwords or usernames. Remote access to a device should never be given to someone you do not know. Files from unknown sources should never be opened.

Hackers will try to take advantage of people's desire to help or their respect for authority. If a request for information seems suspicious, it is always better to say no.

  • Phishing
    Understand what phishing is, and how to best protect your business.
Date modified: