Social Engineering

January 8, 2020

What Is Social Engineering?

Social engineers will try to take advantage of our behavior. Criminals can exploit people using various methods through the phone, online, or in person.

They typically will find directory information, org charts, or other public information online. Using this information, they will likely try to gain entry to a building or gain sensitive/confidential information.

What Does Social Engineering Look Like?

On the phone

A malicious actor may call and pretend to be the IRS, law enforcement, or a vendor. Typically, they will ask for personal information or payments. They may even say they spoke to your direct supervisor beforehand to trick you into thinking they are legitimate.

Online

Social networking sites provide easy-to-find information about companies or people. Sites like LinkedIn, Facebook, Twitter and more may be able to provide all the information a bad actor needs.

Phishing emails or messages with fraudulent links are often used as next steps. Criminals may even make their messages look like they’re coming from your coworker or supervisor.

In Person

Bad actors may ask, “Can you hold the door? I don’t have my key card with me.” This tactic is known as tailgating, and can allow social engineers to gain access to areas they shouldn’t have access to.

How to Protect Yourself Against Social Engineering

  1. Be suspicious of emails and messages that attempt to have you click on links or make purchases. Always check that the sender information is correct.
  2. Be careful of what you say online. Your public information may be used against you.
  3. Confirm outside communication with your supervisor before giving data to vendors or external callers.
  4. Ask individuals for ID if you see them accessing an area that is restricted.