Definition of Social Engineering.
In social engineering, a cybercriminal relies on the social activities and interactions of human beings, rather than on technical intrusion into a network, to collect information by tricking them. For example, the criminal persuades people to open a phishing email with malware attached, which breaks the organization's standard practices for minimizing risk. The criminals are essentially con artists: they aim to gain a person's confidence so that he or she shares confidential business information that can be used for further exploitation or hacking later on.
Types of Social Engineering.
There are several types of social engineering attacks, including baiting, phishing, pretexting, quid pro quo, spear phishing, and tailgating.
In baiting, criminals leave a malware-infected device where an unsuspecting person will find it and open it.
In phishing, criminals send fraudulent communication that appears to be legitimate. Victims are tricked into opening an email that seems to come from a legitimate sender, for example a charity appeal to help the poor that actually carries malware.
In pretexting, criminals are scammers who talk victims into disclosing confidential information.
In quid pro quo, criminals offer a gift to attract a victim and obtain personal data in return.
In spear phishing, criminals collect data from a social network (for example, Facebook) and use it to tailor their approach, gaining the victim's confidence so that he or she reveals personal information or trade secrets.
In tailgating, criminals physically follow a victim to his or her office or home. For example, the criminal asks the victim to hold a door open and, once inside, secretly installs a bug capable of transmitting data about the victim's activities.
How to Avoid Social Engineering Risks.
It is best to educate people and remind them constantly about these dangers. Constant reminders are a must; otherwise, people forget and tend to overlook cyber risks.