Social engineering refers to the manipulation of people to gain private information
Social engineering refers to the manipulation of people to gain private information (such as passwords, bank account details) and or access information systems through abstract and psychological approaches. The main motives for social engineers is to gather information for a future attack, commit fraud or gain access for malicious activity.
The most popular forms of social engineering attacks include baiting, phishing and tailgating and scareware.
Baiting is when a perpetrator leaves a malware infected physical device (e.g. USB) in a noticeable location such as the photocopier room, bathroom or kitchen. The perpetrator will label the USB with appealing names like salary records in hopes an employee will find the device. When the employee finds the device and loads it onto their computer, they will unintentially install malware.
Another common technique is phishing. Phishing involves a malicious party who sends fraudulent emails or has created untrustworthy websites to attain private information. For example, the party disguises themselves in the email as a trusted figure in an organisation (e.g. IT manager) or the company itself. The message is designed to hoax the recipient into sharing personal or financial information or selecting a link which installs malware (e.g. virus).
Tailgating is designed to enable an attacker to enter restricted areas controlled with locks and card entry. For example, an attacker who follows an employee very closely towards a secure room and when the employee enters, the attacker asks the employee to hold the door for them. As a result, the attacker gains access to isolated company information to perform malicious actions.