What is social engineering? If you ask your 8-year-old, he might explain a social engineer as a really friendly train driver. Unfortunately, that is not how we’re using the phrase today!
Sophos created a series a few years back wherein they translate technical jargon into normal English. Their bit on social engineering might be worth dusting off and looking at again.
Sophos defines social engineering as,
“The act of manipulating people into taking a specific action for an attacker’s benefit.”
Yes, this can be as broad as it sounds! But generally, social engineering will include things like phishing, spear phishing, and even CEO fraud.
All that said, there is no arguing that social engineering is difficult to deal with. Sophos gives us a list of things to keep top of mind for securely using technology in a world of social engineers:
- “Trust your gut feeling – if something seems fishy, slow down, take no action, and verify the situation. For example, speak to your boss in person if you aren’t sure if an email really is from them.
- If someone’s asking for sensitive information like a username and password over the phone, hang up. Legitimate customer service or technical support staff would never ask for this information.
- Avoid clicking links in emails or opening email attachments, especially when they’re unexpected. Remember that attackers can easily pose as someone you know or work with.
- Remember that you are in control. Don’t let anyone talk you into doing something you’re not sure about – ignore pressure tactics to get you to act and take a step back.”
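The third tip above rests on a detail worth seeing in practice: an attacker posing as someone you know usually only controls the display name and a look-alike or unrelated address, not the colleague's real mailbox. The following script is an added example (not from Sophos, KnowBe4, or the original post) that applies three defender-side checks to an e-mail's headers: does the display name belong to a known colleague while the address does not match theirs, is the sender domain a near-miss of the organisation's own domain, and does Reply-To point somewhere other than the From domain. `TRUSTED_DOMAIN`, `KNOWN_PEOPLE` and both sample messages are assumed placeholder values constructed for the demonstration.

```python
"""Flag e-mails whose headers suggest impersonation of a known colleague.

Added example for illustration; the domain, directory and messages are constructed.
"""
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organisation's own domain and a tiny stand-in for its directory.
TRUSTED_DOMAIN = "example.com"
KNOWN_PEOPLE = {"jane doe": "jane.doe@example.com"}

# Constructed sample messages (not real mail).
SPOOFED_MESSAGE = (
    "From: Jane Doe <jane.doe@examp1e.com>\n"      # look-alike domain, '1' for 'l'
    "Reply-To: ceo.urgent@freemail.test\n"         # replies go somewhere else entirely
    "Subject: Urgent wire transfer\n"
    "\n"
    "I need this handled today, do not call me, I am in a meeting.\n"
)
LEGITIMATE_MESSAGE = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "Subject: Lunch?\n"
    "\n"
    "Free at noon?\n"
)


def _domain(address):
    """Return the lower-cased domain part of an address, or '' if none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def _edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def impersonation_flags(raw_message):
    """Return a list of human-readable reasons the message looks like impersonation.

    An empty list means none of the three header checks fired; it is not proof
    the mail is genuine, only that these particular tricks were not used.
    """
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_domain = _domain(from_addr)
    flags = []

    # 1. Display name belongs to a known colleague, but the address is not theirs.
    expected = KNOWN_PEOPLE.get(display_name.strip().lower())
    if expected and from_addr.lower() != expected:
        flags.append("display name matches a known colleague but the address differs")

    # 2. Sender domain is a near-miss of our own domain (one or two characters off).
    if from_domain and from_domain != TRUSTED_DOMAIN:
        if 0 < _edit_distance(from_domain, TRUSTED_DOMAIN) <= 2:
            flags.append("sender domain is a look-alike of the trusted domain")

    # 3. Reply-To quietly redirects the conversation to a different domain.
    if reply_to and _domain(reply_to) != from_domain:
        flags.append("Reply-To domain differs from From domain")

    return flags


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("legitimate", LEGITIMATE_MESSAGE)):
        print(label, "->", impersonation_flags(raw) or ["no flags"])
```

None of these checks replaces the advice to verify in person; they are the kind of signal a mail gateway or a quick header inspection can surface before anyone has to rely on gut feeling alone.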
And if you want a more in-depth article, KnowBe4 has some great resources on the topic: https://www.knowbe4.com/what-is-social-engineering/