Social engineering is a tactic used to manipulate, influence, or deceive a victim in order to gain control over a computer system or to steal personal and confidential information. It is a psychological manipulation of people into performing actions or divulging confidential information). Social engineering attacks come in many different forms and can be performed anywhere where human interaction is involved. Some examples of social engineering include:
-
Phishing: This is a type of social engineering attack where an attacker sends an email or message that appears to be from a legitimate source, such as a bank or social media site, in an attempt to trick the recipient into providing sensitive information.
-
Baiting: This is a type of social engineering attack where an attacker offers something enticing, such as a free download or gift card, in exchange for personal information or access to a computer system.
-
Pretexting: This is a type of social engineering attack where an attacker creates a false scenario or pretext to gain the victims trust and obtain sensitive information.
-
Quid pro quo: This is a type of social engineering attack where an attacker offers a service or benefit in exchange for sensitive information or access to a computer system.
Social engineering attacks can happen online, in-person, and via other interactions. The best way to prevent social engineering attacks is to be aware of the tactics used by attackers and to use common sense when dealing with requests for sensitive information or access to computer systems.