Social engineering is a tactic used by cybercriminals to trick individuals into divulging confidential information. Here are ten common ways social engineers gain access to confidential information:
- Phishing: Social engineers send an email or message that appears to be from a legitimate source, such as a bank or company, and requests sensitive information like passwords or account details.
- Baiting: Social engineers leave a tempting item, such as a USB drive or CD, in a public place in the hope that someone will pick it up and use it on their computer, which is infected with malware.
- Pretexting: Social engineers create a fake persona or pretext, such as posing as an IT support person or government official, to trick individuals into divulging information.
- Tailgating: Social engineers gain access to a secure area by following an authorized person, such as an employee or visitor, through a locked door.
- Piggybacking: Social engineers gain physical access to a secure area by requesting entry while impersonating an authorized person or pretending to have a legitimate reason for entry.
- Reverse social engineering: Social engineers make an individual feel important or valued in order to build trust and convince them to divulge confidential information.
- Spear phishing: Social engineers send highly targeted and personalized messages to a specific individual or group in order to gain access to confidential information.
- Phone phishing: Social engineers call individuals and pretend to be a legitimate source, such as a bank or company, in order to request confidential information.
- Dumpster diving: Social engineers search through an organization's trash to find sensitive information, such as financial statements or employee records.
- Human hacking: Social engineers use a combination of these tactics and other psychological tricks to manipulate individuals into divulging confidential information.
In order to protect against social engineering attacks, individuals and organizations should be vigilant, exercise caution, and follow best practices for data security and privacy.
For more information about our
CATSCAN services contact us today