Thursday, June 15, 2017

Word of the Day: social engineering

Word of the Day WhatIs.com
Daily updates on the latest technology terms | June 15, 2017
social engineering

Social engineering is a security attack vector that involves tricking someone into breaking normal security procedures.

A social engineer runs what used to be called a "con game." Techniques such as appeal to vanity, appeal to authority and appeal to greed are often used in social engineering attacks. Many social engineering exploits simply rely on people's willingness to be helpful. For example, the attacker might pretend to be a co-worker who has some kind of urgent problem that requires access to additional network resources.

 

Popular types of social engineering attacks include:

  • Baiting: Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash drive, in a place where it is sure to be found. The finder then picks up the device and loads it onto his or her computer, unintentionally installing the malware.
  • Phishing: Phishing is when a malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware.
  • Spear phishing: Spear phishing is like phishing, but tailored for a specific individual or organization.
  • Pretexting: Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
  • Scareware: Scareware involves tricking the victim into thinking that his or her computer is infected with malware or that he or she has inadvertently downloaded illegal content. The attacker then offers the victim a solution that will fix the bogus problem; in reality, the victim is simply tricked into downloading and installing the attacker's malware.

Security experts recommend that IT departments regularly carry out penetration tests that use social engineering techniques. This will help administrators learn which types of users pose the most risk for specific types of attacks while also identifying which employees require additional training. Security awareness training can go a long way towards preventing social engineering attacks. If people know what forms social engineering attacks are likely to take, they will be less likely to become victims.

Quote of the Day

"For organizations to adequately model the real threats they face, social engineering penetration testing should be a mandatory tactic in every pen testing toolkit." - Dave Shackleford

Learning Center

Social engineering attack leads to leaked info on 20,000 FBI agents
Information on 20,000 FBI agents was leaked by a hacker who had used a social engineering attack to access the DOJ intranet.

Social engineering techniques are becoming harder to stop, experts say
Social engineering techniques have evolved as more personal and corporate information is shared on the Web, leaving enterprises to adopt new training methods to keep data safe.

Five ways to prepare employees for social engineering scams
Social engineering scams are responsible for almost all attacks on enterprises today. Learn how to prepare your employees so they don't fall victim.

Social engineering penetration testing: Four effective techniques
Social engineering penetration testing can be used to show a client organization how vulnerable they are to social engineering attacks.

Social engineering: You got nailed!
Social engineering attack and prevention: Enterprises look to data-centric security and breach detection to thwart unrelenting attacks.
