Social Engineering

KZero Staff
Jul 27, 2023

Social engineering is a specific type of cyber attack where a victim is tricked into leaking some valuable information such as personal data and credit card numbers. This type of attack usually results in a benefit for the attacker, who uses persuasion and manipulation to achieve the desire outcome.

Among the several types of social engineering, we can find:

  • Phishing attacks: These are some of the most common types and usually involve an email or a text message that the victim believes to come from a legitimate source. Common examples of phishing attacks involve banks or credit card companies. Hyperlinks that take the victim to a fake website are often included in these messages.
  • Baiting: This often involves an attractive promise such as the opportunity to obtain significant financial gains and it can take place either on the Internet or in the physical world. A common example is a USB flash drive being left on the floor with a catchy note or a trusted logo aimed at deceiving the victim so that malware can be installed as soon as the USB drive is inserted into the computer.
  • Vishing: This technique leverages phone calls to get victims to give away personal information and gain access to restricted services. These attempts often target older people and attackers tend to pretend to be officials or bank representatives.
  • Pretexting: This is a special type of attack that leverages social engineering to obtain specific information such as passwords in order to gain some benefit. Pretexting usually involves a pretext that is able to convince the victim of the trustworthiness of the attacker who will pretend to be a qualified counterparty such as an executive of a company, an IT technician, or an investor.

There are many ways to protect yourself from social engineering attacks, such as:

  • Always be particularly careful about text messages and emails that require you to provide personal information;
  • Always verify that a specific link is trustworthy and the source is legitimate;
  • Do not give away information over the phone unless you verify the identity of the interlocutor;
  • Enable Two-factor authentication;
  • Do not trust messages that have a particular level of urgency—these are usually phishing attacks.
KZero Staff

Explore more insightful content from the knowledgeable KZero staff on our blog and guides section.

Glossary Terms

Stay up to date with the most recent #infosec topics

Trending Topics

Interested In
Next-Gen MFA?

Discover Multi-Pass enterprise passwordless authentication

Share the page: