Internet Security

What is social engineering? Definition, types, attack techniques


Table of contents

  • What is social engineering?
  • Types of social engineering techniques and methods
  • 10 top best practices to detect and prevent social engineering attacks in 2022

Social engineering is the very common practice of exploiting a human element to initiate and/or execute a cyberattack. 

Human weakness and ignorance present such easy targets that fully 82% of the attacks in Verizon’s 2022 Data Breach Investigations Report were perpetrated, at least in part, via some form of social engineering.

In this article, we look at the forms of social engineering that are frequently used and best practices for limiting its effectiveness within the enterprise.

What is social engineering?

A dictionary definition of social engineering (in the context of cybersecurity) is “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.” 

At the most basic, this includes the mass-market spamming of individual email accounts with a phishing attempt such as an offer for a free gift certificate from a well-known retailer. Consumers who click a link to a malicious website or open an infected file attachment and enter personal information may open themselves up to criminal exploitation.

For higher-value, enterprise targets, the technique can become quite a bit more elaborate — or remain stunningly simple.

Roger Grimes, data-driven defense evangelist at security awareness training vendor KnowBe4, calls it for what it is: a con, a scam. “It’s someone pretending to be a brand, company or person you would … trust more than if you know the message was being sent by a complete stranger trying to trick you into doing something that will impact you or your organization’s own interests,” he explained. “The desired actions are often to launch a malicious program, provide logon passwords, or to provide confidential content (e.g., social security number, banking information, etc.).” 

The criminal uses psychological manipulation to trick the user into performing actions or divulging confidential information. Seven means of persuasive appeal, as outlined by Robert Cialdini in Influence: The Psychology of Persuasion, are commonly cited in explaining why people are vulnerable to their application in social engineering:

  • Reciprocity
  • Scarcity
  • Authority
  • Liking
  • Commitment
  • Consensus
  • Unity

Many social engineering attempts come via email, but that is not the only channel. Social engineering is also accomplished via SMS messages, websites, social media, phone calls or even in person. 

As Manos Gavriil, head of content at hacking training firm Hack The Box, points out, “Social engineering is considered the number one threat in cybersecurity, as it exploits individual human error, which makes it very hard to stop, and even the simplest forms of attack can have a devastating impact.”

Types of social engineering techniques and methods

Social engineering is accomplished in a variety of ways:  

  • Pretexting: This involves the false presentation of identity or context to make a target believe they should share sensitive data or take a compromising action, and it is an element in most social engineering.
  • Baiting: The adversary usually offers a fake promise of something to deceive the victim, steal sensitive information or infect the organization with malware.
  • Phishing: The attacker sends out large volumes of emails, without a specific target in mind, in the hope that a malicious link or attachment will be clicked to give the attacker access to sensitive information. 
  • Spear phishing: Masq


Pentagon leak defendant Jack Teixeira pleads guilty, faces years in prison

Jack Teixeira, a member of the Massachusetts Air National Guard charged with leaking classified military documents on a social media platform, pleaded guilty on Monday to carrying out one of the most serious US national security breaches in years…


FACT CHECK: SSS has no ongoing scholarship program

The Social Security System warns the public about fake posts bearing the agency’s logo that contain suspicious links promoting an alleged scholarship program

Claim: The Social Security System (SSS) posted an application link for its 2024 scholarship program offering elementary, high school, and college students allowances of up to P10,000. 

Rating: FALSE

Why we fact-checked this: The claim was uploaded on the Facebook page “Philippine Scholar,” which has been previously fact-checked by Rappler for disseminating false information on student aid supposedly from government agencies. 

The post claims that the 2024 SSS scholarship program offers P4,000 for elementary students, P6,000 for junior high school students, P8,000 for senior high school students, and P10,000 for college students.

The post also included a link to an unverified website where applicants are asked to provide their personal information such as name, email, and phone number. 

While the post was dated January 17, it continues to receive comments and engagements from Facebook users inquiring about the program. As of writing, the post has received 76 reactions, 224 comments, and 12 shares. 

Additionally, the website for the supposed application is still actively posting unverified scholarship programs from various public officials and agencies.

The facts: SSS does not offer the alleged scholarship program, the state-owned social insurance agency said in an advisory on January 18. 

“Walang ongoing scholarship program ang Social Security System para sa mga miyembro at benepisyaryo nito, o maging sa publiko. Huwag maniwala sa mga balita, post o private messages sa social media na nag-aalok nito,” the advisory read.

(The Social Security System has no ongoing scholarship program for its members and beneficiaries, or even for the public. Do not believe the news, posts, or private messages on social media that offer this.)

SSS also warned the public that these misleading posts are likely schemes that may put their personal data at risk.

For SSS-related concerns, the public is advised to direct their inquiries to the official SSS channels or through their verified support ticket system, the uSSSap Tayo Portal.

Educational assistance: What SSS offers is the Educational Assistance Loan Program (EALP), a short-term member loan program for eligible SSS member-borrowers intended to defray educational expenses for undergraduate degrees and technical or vocational courses.

According to the EALP application form on the SSS website, the maximum loanable amount is P20,000 per academic term, or a maximum allocation of P160,000 and P200,000 in full allocation for four and five-year degree programs, respectively. 

Meanwhile, qualified member-borrowers may apply for a maximum amount of between P40,000 and P60,000 for vocational or technical courses.

The loan program is funded by both the national government and SSS. To apply, individuals must submit an accomplished EALP application form and supporting documents to the nearest SSS office.

Debunked: Rappler has published several fact-checks about fake scholarship programs allegedly from government agencies:

  • FACT CHECK: DepEd doesn’t offer up to P10,000 scholarship via online forms
  • FACT CHECK: Link for CHED-UniFast scholarship is fake
  • FACT CHECK: DOLE-NLRC has no scholarship program

Official accounts: For official updates on the programs and services of SSS, refer to its official website, X (formerly Twitter), Facebook, Instagram, TikTok, and YouTube accounts.  – Larry Chavez/Rappler.com

Larry Chavez is a graduate of Rappler’s fact-checking mentorship program. This fact check was reviewed by a member of Rappler’s research team and a senior editor. Learn more about Rappler’s fact-checking mentorship program here.

Keep us aware of suspicious Facebook pages, groups, accounts, websites, articles, or photos in your network by contacting us at factcheck@rappler.com. Let us battle disinformation one Fact Check at a time.


ONSA Coordinates Probe into Binance, Others… Cryptocurrency Firms May Face Billion Dollars Fine

The Office of the National Security Adviser (ONSA) in partnership with Central Bank of Nigeria (CBN) is coordinating a multi-agency investigation into the operations of Binance and other cryptocurrencies. PRNigeria gathered that the investigation which involved regulatory bodies…


BREAKING: “Open Borders Make Food Enter Abeg” – Danny Young Tells Nigerian Government Amid Economic Crisis

Danny Young, a Nigerian singer, recently took to social media to express his thoughts on Nigeria’s present economic situation. On his Instagram page, he highlighted that the primary difficulty for Nigeria was lack of production and exportation. The musician added that people are reluctant to invest in Nigeria due to insecurity…
