EDITOR’S question
KALLE BJORN, SENIOR DIRECTOR, SYSTEMS ENGINEERING – MIDDLE EAST, FORTINET
A social engineering attack is any use of psychological manipulation to trick humans into making a security mistake such as giving away sensitive information, and there are certain traits that are endemic to human behavior that social engineering cyberattacks seek to exploit.
One example is to exploit the human practice of reciprocity. Social engineering attackers abuse this tendency by offering advice, something exclusive, or personalising their offer to make the target feel obliged to give something back. After someone commits to a course of action, they feel obligated to stick with their decision. An attacker using social engineering tools can exploit this by having the victim agree to small things before asking them for something bigger. They may also have them agree to an action before its risks are obvious.
People are also far more likely to get behind a product if other people they trust have endorsed it. Attackers may use social networking to exploit the social proof concept by claiming that the victim’s online friends have already endorsed an action, product or service. Furthermore, people naturally tend to trust authorities more than those with less experience or expertise. Hence, an attacker may try to use phrases such as ‘according to experts’ or ‘science proves’ to convince a target to agree to something.
The same psychological tactic can be applied when we consider that people have a tendency to give more credibility to those they like than those they do not. To exploit this, a social engineering attacker may try to appear trustworthy, attractive, or like someone who shares similar interests.
A lack of education and awareness can leave your organisation vulnerable to costly scams and cyberattacks. It’s therefore so important to build a human firewall by training employees and maintaining high-security standards.
To help employees spot a social engineering attack, organisations can train them to look for signs such as an emotional plea that leverages fear, curiosity, excitement, anger, sadness, or guilt, a sense of urgency around the request, or an attempt to establish trust with the recipient. In short, anytime someone tries to get you to provide money or sensitive information through manipulation or coercion, you are being targeted with a social engineering attack.
WWW.INTELLIGENTCISO.COM