Security Glossary

Social Engineering

A tactic attackers use that involves manipulating people (rather than hacking computers) to gain unauthorized access or information. In a social engineering attack, the bad actor might trick someone into breaking normal security procedures - for example, posing as an IT support person on the phone to get an employee to reveal their password, or sending a convincing email that lures someone into clicking a malicious link.

Phishing is the most common type of social engineering (via email), but there's also "vishing" (voice phishing via phone), "smishing" (SMS/text phishing), and in-person tricks like tailgating (following someone through a secure door). The key is that the attacker exploits human trust, curiosity, fear, or helpfulness.

For instance, an attacker might drop a USB stick labeled "Q1 Salaries" in the company parking lot, hoping someone will plug it in out of curiosity and thereby install malware.

Combating social engineering requires both technology (spam filters, caller verification) and awareness - staff should be wary of unsolicited requests for sensitive information and, where there is any doubt, verify the requester's identity through a second channel (for example, calling back on a known number rather than the one supplied in the request).

In short, always think twice when someone asks for credentials or makes an urgent, unusual request, even if they seem legitimate.
