Just because it is me, I am going to start this Back-to-Basics mini-series by not talking about phishing emails but looking at a key component of a malicious email attack – social engineering.
So what is Social Engineering?
In its most basic form, it is the advertising we are all exposed to throughout our daily lives. It is the algorithms that “Big Tech” uses to fill our feeds with content they are sure will make us stay just a little bit longer on their sites, so they can feed us more advertising and so make themselves more money. I was in the Tufty Club that taught me how to cross the road safely and that must have worked because I am still here.
Not the answer I think you were expecting.
If you consult various dictionaries, you get answers that stretch from building bridges (real bridges not social ones) to the welfare of a community, (Hadnagy, 2018).
What we are looking at here is the ways that honest companies and people influence our behaviour, mutated by threat actors to get us to drop our “spidey sense”, (Farlex. 2015), about cyber security and do what they want us to do.
…and all of this happens whilst you sit at your computer…
How does Social Engineering do that?
The threat actors know that it is human nature to trust. The next thing they need to do is to create a scenario, a story that will cause you to react in a way that leads you to do what they want. There are many examples of how they do this, and this slide from my training session about Social Engineering and Phishing shows a few of the most popular.
We will be looking at some specific examples of the above in Part 3 of this series.
What do you need to know about Social Engineering?
Another attack tactic is to send the emails through when organisations tend to be at their busiest – first thing Monday and Friday afternoons. Dire Straits back in the 80’s suggested a defence for this (go look at the lyrics for Industrial Disease) but that is not likely to work. You need all of your team, from the board members to the newest recruit to have a working knowledge on how they can be easily influenced by the hackers.
Next…
We have not quite finished with the social engineering yet.
Clive Catton MSc (Cyber Security) – by-line and other articles
References
Hadnagy, C. (2018). Social Engineering: The art of human hacking. Wiley.
Farlex. (2015). My spidey-sense is tingling. The Free Dictionary. https://idioms.thefreedictionary.com/my+spidey-sense+is+tingling
Further Reading
Photo by ThisIsEngineering