You Are A Target!
Cybercriminals are quite effective at getting what they want. They’ve learned that the easiest way around your organization’s defenses isn’t hacking and cracking; it’s tricking you into letting them in.
Social engineering is the art of manipulating, influencing, or deceiving you into taking some action that isn’t in your own best interest or in the best interest of your organization. The goal of social engineers is to obtain your trust, then exploit that relationship to coax you into either divulging sensitive information about yourself or your organization or giving them access to your network.
Digital Attacks
- Phishing: Email-based social engineering targeting an organization.
- Spear Phishing: Email-based social engineering targeting a specific person or role.
Stop, look, and think before you click that link or open that attachment.
In-Person Attacks
- USB Attacks: An attack that uses a thumb drive to install malware on your computer.
- Tailgating: When a hacker bypasses physical access controls by following an authorized person inside.
Stop, look, and think before letting in someone you don’t recognize or plugging any external media into your computer.
Phone Attacks
- Smishing: Social engineering carried out by text message.
- Vishing: Social engineering carried out over the phone.
Stop, look, and think before you surrender confidential information or take action on an urgent request.