Friday, November 16, 2018

Word of the Day: social engineering

Word of the Day WhatIs.com
Daily updates on the latest technology terms | November 16, 2018
social engineering

Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices in order to gain access to systems, networks or physical locations, or for financial gain.

Threat actors use social engineering techniques to conceal their true identities and motives and present themselves as a trusted individual or information source. The objective is to influence, manipulate or trick users into giving up privileged information or access within an organization. Many social engineering exploits simply rely on people's willingness to be helpful. For example, the attacker might pretend to be a co-worker who has some kind of urgent problem that requires access to additional network resources.

Social engineering is a popular tactic among hackers because it is often easier to exploit users' weaknesses than it is to find a network or software vulnerability. Hackers will often use social engineering tactics as the first step in a larger campaign to infiltrate a system or network and steal sensitive data or disperse malware.

How social engineering works

Social engineers use a wide variety of tactics to perform attacks.

The first step in most social engineering attacks is for the attacker to perform research and reconnaissance on the target. If the target is an enterprise, for instance, the hacker may gather intelligence on the employee structure, internal operations, common lingo used within the industry and possible business partners, among other information. One common tactic of social engineers is to focus on the behaviors and patterns of employees with low-level but initial access, such as a security guard or receptionist. Hackers can scan the person's social media profiles for information and study their behavior online and in person.

From there, the hacker can design an attack based on the information collected and exploit the weakness uncovered during the reconnaissance phase.

If the attack is successful, the hackers have gained access to sensitive data, such as credit card or banking information, have made money off the targets, or have gained access to protected systems or networks.

Quote of the Day

 
"The best defense against attackers using social engineering scams is and will always be awareness." - Reda Chouffani

Learning Center

 

Social engineering scams must be on hospitals' radars
Social engineering scams targeting the healthcare industry are becoming increasingly common. Fortunately, in addition to security software, there are some practical tips that can help combat these types of attacks.

Robot social engineering works because people personify robots
Robot social engineering could be a viable attack vector in the future, according to Brittany 'Straithe' Postnikoff, both because of the various social abilities that robots can use and because robot manufacturers don't focus on security.

Social engineering techniques are becoming harder to stop, experts say
Social engineering techniques have evolved as more personal and corporate information is shared on the Web, leaving enterprises to adopt new training methods to keep data safe.

What is behind the growing trend of BEC attacks?
Business email compromise attacks do not require the use of a malicious payload or URL, making them popular among cybercriminals. Learn more about how to recognize possible BEC attacks.

Phishing threats still dwarf vulnerabilities, zero-days
Email security vendor Proofpoint released its Human Factor 2018 report, which details how phishing threats are evolving and still beating enterprise defenses.

Quiz Yourself

 
____ can you trust? Social engineering tactics are so sneaky and phishing attempts are so sophisticated that you're afraid to click a link in an email from your boss or your bank.
a. Who
b. Whom


This e-newsletter is published by the TechTarget network.

Copyright 2018 TechTarget. All rights reserved.