Social engineering


Not all hackers are experienced programmers and security experts. Social engineering is one of the easiest and most effective ways for attackers to gain unauthorised access to your personal or business information. In the context of information security, social engineering refers to the psychological manipulation of people into performing actions or divulging confidential information. The attacker then uses the data obtained to gain access to computer systems and carry out actions to the detriment of the person or organisation whose data has been stolen.

There are various techniques and terms, but the most common on the Internet is phishing. In this technique, users reveal data because they think they have clicked on a link that has taken them to a trusted website, such as a bank. Typically, the attacker sends the victim a fraudulent email instructing them to log in to their bank to release funds or confirm their personal information. Attackers often use phrases like “Failure to verify your personal information within 24 hours will result in your account being closed” to encourage the victim to comply. The link in the email takes the victim to another website impersonating the real website. The wording and design often look very convincing. The victim then proceeds to enter their username and password to log in, but they have actually divulged their credentials to the attacker!

What happens when you dare expert hackers to hack you?

After reporting on the hacks of Sony Pictures, JPMorgan Chase, Ashley Madison, and other major companies, Real Future’s Kevin Roose got curious about what it felt like to be on the victim’s side of a giant data breach. So he decided to stage an experiment: he invited two expert hackers to spend two weeks hacking him as deeply and thoroughly as they could, using all of the tools at their disposal. The result was a shocking privacy nightmare.

Credit: Video produced by Real Future for Fusion TV (fusion.net)


Staying Safe
  • Never reveal your passwords or login credentials to anyone.
  • When you enter your details on a website, make sure the address is correct.
  • Never open strange-looking files or attachments, even if they come from someone you know.
  • Don’t divulge confidential information over the phone unless you are absolutely sure that the caller is who they are claiming to be.

Your employees are probably unknowingly your greatest security risk! 78% of people claim to be aware of phishing, but click on the links anyway out of fear or curiosity. It’s a lot easier for an attacker to go after a user and manipulate them into giving up privileged information than it is to try to break into a secure computer system. Even the most comprehensive security systems are useless if a user willingly discloses their password or other confidential information. User education should play a key role in any organisation’s security strategy. We offer Security Awareness training to educate users about online threats and cyber safety, what qualifies as sensitive data and how to identify and avoid threats.
