Social Engineering
In the context of IT Social Engineering is the psychological manipulation of people into performing actions or divulging confidential information. It may also be defined as “any act that influences a person to take an action that may or may not be in their best interests”.
There are six main characteristics in Social Engineering:
- Authority
- Intimidation
- Consensus / Social Proof
- Scarcity
- Urgency
- Familiarity / Liking
Hackers apply various attack vectors:
- Vishing
- Phishing
- Smishing
- Impersonation
- Pretexting
- Spear Phishing
- Water Holing
- Baiting
- Quid Pro Quo
- Tailgating
Possible counter measures:
- Training
- Apply standard frameworks of Trust
- Scrutinize information
- Security Protocols
- “Fire drills”
- “Inoculation”
- Review