Close this search box.

Ten social engineering cybersecurity threats


Social engineering cybersecurity attacks use human nature to prey on our trust, greed, fear, curiosity and even our desire to help others.

A study shows that 75 per cent of respondents believe that social engineering and phishing attacks are the biggest danger to cybersecurity at their company. Carlos Salas, an engineering manager at NordLayer, shares 10 social engineering techniques that hackers may use to target both individuals and organisations. According to Salas, “Social engineering is one of the easiest ways to get access to sensitive data, especially when employees haven’t been trained on how to recognise and combat it.”

Baiting –Social engineers use bait to lure users into a trap that steals their personal information or infects their systems with malware. For example, infected USB memory sticks are left in parking lots or offices, tempting people to see what’s on them. Don’t ever try to check inside unattended USB devices, report to security if you see them lying around.

Pretexting – An attacker uses a made-up scenario to provoke an employee to disclose sensitive information. It requires researching the target to make the scenario plausible and to gain the trust of the victim. If that happens, the most important thing is to verify the identity, avoid sharing personal details and report the cybersecurity incident to the IT team.

Watering hole – the attacker infects an existing website or creates a fake website that mimics an existing website often used by a certain group of people, for example, employees of a company. The goal is to infect a targeted user’s computer and gain access, for instance, to the network at the target’s workplace. To protect yourself only access websites that have HTTPS in the URL code, update your software, and use malware-detection tools.

Quid pro quo – These attacks rely on people’s sense of reciprocity. Attackers offer services, assistance, or other benefits in exchange for information.To prevent information loss, verify the identity of IT technician, question methods and tools, and use anti-malware software.

Scareware – is a form of malicious software, usually a pop-up that warns that your security software is out of date or that malicious software has been detected on your machine. It fools victims into visiting malicious websites or buying worthless antivirus software. Use an ad-blocker and reputable antivirus and avoid clicking on pop-ups. 

Tailgating and piggybacking – involve an attacker accessing a secure or restricted area. For instance, a person might tailgate an employee into the office, claiming to have lost their access card, pretending to be a repair technician, or holding coffee cups in both of their hands and asking for your help with the door.

Vishing – also known as “voice phishing,” is a practice of eliciting information or attempting to influence someone via the telephone. In 2021 alone, TrueCaller reports that Americans lost $29,800,000 to phone scams. Avoid cybersecurity threats by not responding to emails or social media messages that ask for your phone number.

Shoulder surfing – is the bad actor watching their unsuspecting victim while they’re entering passwords and other sensitive information. But this technique doesn’t have to be looking over their shoulder it could be employed by the hacker from a distance if they use binoculars or hidden cameras. Make sure to use strong, single sign-on passwords, biometrics, and 2-factor authentication.

Dumpster diving – is when attackers go through your company’s trash looking for documents containing sensitive or confidential information. Always use a file shredder to prevent information leakage.

Deep Fakes – are synthetic media in which a person in an existing image, audio, or video is replaced with someone else’s likeness. It is possible to detect deep fakes. Make sure to check for shadows appearing on the face, notice if eyes are blinking and try to detect wrinkles. Beware of poor-quality phone call recordings and pay attention to how letters like f, s, v, and z are pronounced — software has trouble differentiating them from noise.

CTS The industrialisation of IT
CTS - Industrialisation of IT
Related Posts
CTS The industrialisation of IT
Others have also viewed

Tech businesses have increased AI usage to improve business operations

New data shows a recent acceleration in AI uptake across the tech sector, while implementing ...

Cost is biggest barrier to democratisation of AI

Almost two thirds (61%) of business decision-makers believe that large enterprises will be the primary ...

Eight pioneers chart a sustainable future for UK manufacturing

Digital Catapult, the UK authority on advanced digital technology, has welcomed eight technology pioneers to ...

Revolutionising medicine with the promise of growing human organs

Growing human organs holds immense importance in modern medicine, offering solutions to critical healthcare challenges. ...