Social Engineering

Social engineering is a broad range of malicious attacks accomplished through human interaction.

How to identify social engineering techniques.

Anywhere there is human interaction there is potential for social engineering.

The most common techniques used are:

Baiting: This form of attack exploits the victim's naivety by presenting them with a lure, such as a flash drive with malware loaded onto it. A software example of baiting would be an ad that downloads malicious software.

Scareware: The victim receives a false alarm, such as a pop-up or an email, saying that their system has been infected with malware, and is offered a tool to protect against the malware when in fact it does the exact opposite.

Pretexting: An attacker gains information through a series of well-crafted lies. First the attacker gains trust by posing as a colleague or an authority figure. The goal of this sort of attack is to question the victim until the attacker obtains important personally identifiable information.

Phishing: One of the most popular attacks. Phishing messages are emails or text messages that look official and demand immediate action from the victim. Once the victim clicks the link, they are taken to a page where they enter sensitive information, which is then captured by the attacker.

Another, more sophisticated version of phishing, known as spear phishing, targets a specific individual in the organization, such as a high-level director. The attacker knows details about the enterprise environment and might include details about a department or a specific role within the organization. They might also pose as an IT supervisor or consultant to gain trust.
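As an added example that is not part of the original post, the following Python check flags the three phishing traits described above on constructed sample messages: a display name that borrows the organization's name while the address sits on another domain, urgency language, and a link whose visible text shows a different host than its href. The domain names, sample messages and function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages (not real mail). PHISH imitates the urgent,
# official-looking message described above; BENIGN is ordinary internal mail.
PHISH = """\
From: "Acme IT Support" <helpdesk@acme-corp-security.example>
To: jane@acme.example
Subject: URGENT: your password expires today

Your account will be suspended. Verify immediately:
<a href="http://acme.verify-login.example/reset">https://acme.example/reset</a>
"""
BENIGN = """\
From: "Bob Smith" <bob@acme.example>
To: jane@acme.example
Subject: lunch next week

Shall we meet Tuesday? Agenda: <a href="https://wiki.acme.example/lunch">wiki</a>
"""
URGENCY = re.compile(r"\b(urgent|immediately|suspended|expires today)\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(s):
    """Hostname of a URL or bare domain, lower-cased ('' if none)."""
    return (urlparse(s if "://" in s else "http://" + s).hostname or "").lower()

def phishing_indicators(raw, trusted_domain):
    """Return the names of the phishing indicators found in one raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = host(addr.rpartition("@")[2])
    # Display name borrows the organization's name but the address is elsewhere.
    if trusted_domain.split(".")[0] in name.lower() and sender_domain != trusted_domain:
        found.append("sender display-name/domain mismatch")
    # Pressure to act now is the hallmark the post describes.
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        found.append("urgency language")
    # Visible link text names one host while the href leads to another.
    if any("." in text and host(text) != host(href) for href, text in ANCHOR.findall(body)):
        found.append("link text/href mismatch")
    return found
```

Run it with `phishing_indicators(PHISH, "acme.example")` to see all three indicators fire, while the benign message returns an empty list.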

How to prevent social engineering attacks.

Beware of suspicious emails

Don’t download anything that hasn’t been approved by IT

Use Multi-Factor Authentication

Secure systems with anti-malware/anti-virus software
