Week 7 Cybersecurity

Social engineering and phishing continue to be a huge problem in many companies, including the company where I work. Social engineering is the tactic of manipulating someone into divulging sensitive or confidential information. This information can then be used for fraudulent purposes. This type of manipulation targets human vulnerabilities and is often considered human hacking.

A social engineer will usually pose as a legitimate person and build trust with their victim, gathering information along the way. This process may take only a few hours, but it can also continue for several months while the attacker keeps gathering information.

Social engineers often pose as trusted individuals in your life. These may include a friend, coworker, boss or even your own bank. The most common one at my work tries to trick you into thinking it is from the CEO. These emails may contain malicious links or downloads. They may also ask for private or secure information. I personally have received such emails from my bank with urgent requests for my personal information. These emails are worded in such a way as to evoke an emotional response. They tell you that this is a most urgent matter and must be dealt with immediately. The most important thing is to slow down and think about whether it really makes sense. If it seems off or unusual, definitely stop and verify the information.

The most common phishing scam that I see at my job is a fraudulent email from the boss/CEO. It’s usually something like “Hi, I am out of the office today and I need you to go right now and buy $$$ of gift cards. Email me back when you have the gift cards.” This email will look legit on the surface. But if you look at the actual sender, you can see that, yes, it uses his first and last name, but it is not from our email domain, @ofco.com. And it is usually sent to around 5–10 people in our organization. Us older folks recognize the scam and just shift-delete. We also realize that he has a whole box of gift cards in his office. We would never need to go buy any. But the boss will get a little flurry of people calling or stopping in to ask “Did you send that email?” The best practice is just to slow down and really look at the email without responding. If something seems off, it usually is. Better to be safe than sorry.
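The three tells described above (the boss's name on an address outside @ofco.com, 5 to 10 coworkers on the same message, and a gift card request) can also be checked automatically at the mail gateway. The sketch below is an added example, not something from my company's mail system; the CEO name "Pat Example", the outside domain and the sample messages are constructed placeholders.

```python
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

ORG_DOMAIN = "ofco.com"         # company domain named in the post
EXEC_NAMES = {"pat example"}    # assumed placeholder for the CEO's name
MASS_THRESHOLD = 5              # the post: "around 5 - 10 people"

def domain_of(addr):
    """Lower-cased domain part of an e-mail address."""
    return addr.rpartition("@")[2].lower()

def check_message(raw):
    """Return the reasons a raw message matches the CEO gift-card pattern."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    external = domain_of(addr) != ORG_DOMAIN
    reasons = []
    # Tell 1: the display name is the boss, the real address is not ours.
    if external and display.strip().lower() in EXEC_NAMES:
        reasons.append("executive name on an outside address")
    # Tell 2: one outside sender, many staff recipients.
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    staff = [a for _, a in getaddresses(headers) if domain_of(a) == ORG_DOMAIN]
    if external and len(staff) >= MASS_THRESHOLD:
        reasons.append("outside sender mailed %d staff at once" % len(staff))
    # Tell 3: the request itself.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if external and "gift card" in text:
        reasons.append("outside sender asks for gift cards")
    return reasons

# Constructed sample messages (not real mail).
SCAM = (
    'From: "Pat Example" <pat.example@mail-ofco.example>\n'
    "To: " + ", ".join(f"user{i}@ofco.com" for i in range(1, 7)) + "\n"
    "Subject: Quick favor\n\n"
    "I am out of the office today. Go right now and buy gift cards.\n"
)
LEGIT = (
    'From: "Pat Example" <pat.example@ofco.com>\n'
    "To: user1@ofco.com\n"
    "Subject: Staff meeting\n\n"
    "The gift cards for the raffle are in my office.\n"
)

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("legit", LEGIT)):
        print(name, check_message(raw))
```

A message that trips these checks is better quarantined or tagged as external than silently dropped, so a real outside email from the boss still gets through after a quick verification.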

 


 
