Social Engineering: More than Just Phishing
by Stefani Laszko
You are probably tired of reading about email security, with its constant chatter about phishing attacks. I get it; I’ve written 3 other articles on the topic. This month I’d like to go a step further and discuss other ways that criminals obtain your or your clients’ information through different types of social engineering. Social engineering is the act of manipulating people by appealing to some angle of their human psyche. Phishing is the most talked-about form, but other top tactics include pretexting, baiting, quid pro quo and tailgating.
Pretexting involves a scammer who has presented some sort of back story or pretense for speaking to you that sounds believable. Scammers use this tactic to gain account information, names of contacts, etc. to use to their benefit. Pretexting is often just one component of a multi-layer scam. With each bit of information they gain, their next interaction with you or a co-worker becomes even more believable as they work the new details into their story.
Baiting involves a scammer offering something up in exchange for information from you. These types of scams are often seen with free music or software downloads. Though it may not be apparent to you, the scammer has gained access to your computer through the download. These types of scams can go undetected as the scammer is collecting information from your computer.
Unlike baiting, which provides some form of good, quid pro quo offers some form of service. A popular scam is random calls offering to fix your computer or the like. Victims are tricked into thinking they are speaking to someone from their software company and allow access to their system.
Tailgating (or piggybacking) involves someone following you into a secure area. This happens constantly in apartment complexes, where one car just follows another one in. Larger corporations are usually protected from these types of scams because they often require door badges, but mid-sized companies are often used to outside clients, consultants, etc. visiting and may be more likely to allow someone to follow them in.
Though these may be the four most popular social engineering tactics after phishing, this is nowhere near an exhaustive list. Tactics are limited only by a scammer’s creativity. Some things to consider when trying to protect yourself and your business: do not open emails from an untrusted source, do not give strangers the benefit of the doubt, slow down, reject requests for help from people you don’t know, and take the time to research if something just feels “off”. These scams are not going anywhere; rather, they are growing and evolving every day, so you must remain diligent to protect yourself and your clients.