Glossary

Social Engineering


Social engineering occurs when a bad actor tricks or manipulates an individual into disclosing confidential information or unintentionally installing malicious software.

Social engineering is different from other cyber attacks because the fraudster typically uses public information from internet searches or social media to add a personal aspect to the attack. For example, a bad actor could use your Facebook profile to guess the answers to your account security questions or present themselves as a relative or friend to take advantage of trust in internet communication.

The vectors of social engineering are phishing and other forms of nefarious impersonation. Social engineers employ several tactics to convince victims of their legitimacy. Most commonly, scammers attempt to portray themselves as a familiar or friendly counterparty. Other times, a bad actor will look to intimidate or blackmail the victim into disclosing private information.

Individuals also become vulnerable to socially engineered attacks when they need to change the password on an account. A bad actor can fabricate a password reset link that shows them your new password and allows them to access your account. The best way to avoid this form of attack is to verify the sending address and the link before clicking to reset your password.

The best method for avoiding socially engineered attacks is to limit the information you share on social media and be skeptical of communications from external sources, especially if that communication requests immediate action or has a threatening tone.