You may have heard of social engineering before, right? In short, it is a term that refers to psychological manipulation to deceive people and induce them to take actions that may jeopardize data and information security.
It’s like a “human chess game,” where the adversary uses tricks and persuasion techniques to achieve their goals.
Imagine you are a character in a spy movie and the adversary is the villain. He knows you are good at chess and like to help people. So, he approaches you, pretending to be someone who needs help with a chess game. After a few games, he starts making small requests, such as giving information about your chess skills, and then asks you to share some information about the company you work for.
Without realizing it, you just provided valuable information to the enemy!
In real life, social engineering is used by cybercriminals to obtain personal information, passwords, and access to protected systems. For example, an intruder may call an employee of a company, pretending to be a technical support representative, and ask the person to provide their access credentials. Or a scammer may send a fake email, claiming to be from a legitimate service, requesting that the person click on a malicious link that infects the computer with a virus.
A real example was a sophisticated phishing attack in which hackers posed as employees of a large technology company and sent emails to employees of other companies requesting that they fill out a form with their Google Docs access credentials. Several people were deceived and provided their information, which allowed the intruders to access sensitive information from the companies.
Therefore, be aware of the dangers of social engineering. Be very cautious when providing personal or business information to third parties, even if they seem legitimate. Sometimes, the enemy can be disguised as a friend or ally.