What Is Social Engineering?

Social engineering is the art of manipulating, influencing, or deceiving you to gain control over your computer system. A hacker can use the telephone, email, postal correspondence, or direct contact to gain illegal access. Examples include phishing, spear phishing, and CEO fraud.

Who is doing social engineering? It could be a hacker from the United States who wants to damage or disrupt a business. It could be a member of a cybercriminal group from Eastern Europe trying to penetrate your network and steal money from your bank account. Or it could be a Chinese hacker trying to infiltrate your organization’s network for corporate espionage.





A made-up script is used to attract a potential victim and increase the likelihood that the victim will take the bait. It is a false motive that usually involves some real information about the person to get even more information. Examples include date of birth, identification code, and residential address.


Diversionary Theft

A scam carried out by professional thieves, usually targeting a shipping or courier company. The goal is to trick the company into delivering a shipment not to its intended destination, but directly into the hands of a cybercriminal.



An attempt to obtain sensitive information such as usernames, passwords, and credit card information by pretending to be a well-known organization. Attackers usually use attention-grabbing emails that bypass spam filters. In the emails, they pretend to be representatives of popular social sites, banks, auctions, or IT administrators. This builds people’s trust.


Spear phishing

A small, targeted email attack on a specific person or organization that helps to break through their security. A spear-phishing attack is carried out after researching the target and has a special personalized component that pushes the target to do something against their interests.


Watering hole attacks

A computer attack strategy in which an attacker investigates which websites an organization or person often uses and infects them with malware. Over time, one or more members of the target group get infected and the attacker gains access to the security systems.



In this case, the attacker slips something to the victim to get them to act. It can be a movie download (porn) on a peer-to-peer or social networking site, or a USB stick labeled “Q1 dismissal plan” left in a public place for the victim to find. After using the device or downloading a malicious file, the victim’s computer becomes infected, allowing the criminal to take over the network.


Quid Pro Quo

In Latin it means “something for something.” In this case, it is a benefit to the victim in exchange for information. A good example is hackers pretending to be IT support. They will call everyone in the company and tell them that they have a quick solution and “you just need to disable your AV”. Anyone who falls for this will get ransomware-type malware installed on their computer.



A method used by social engineers to gain access to a building or other secured area. An observer waits for an authorized user to open and pass through a secure entry, and then follows right behind.


Honey Trap

A trick that gets men to interact with a fictional attractive female online. Derived from an old spy tactic that used a real woman.



Also known as Rogue Scanner, rogue anti-spyware, rogue anti-malware, or scareware, rogue security software is a form of computer malware that tricks or misleads users into paying for fake or simulated malware removal. In recent years, rogue security software has become a growing and serious threat to computer security. It is very popular, and there are dozens of such programs.


Source: knowbe4
