Social Engineering Incidents and Preventions

Abstract

Social Engineering is a technique used to obtain information through tactics using persuasion, intimidation, coercion, extortion, or blackmail. Social engineers study human behavior. They study personality traits, read body language, and can use psychology to trick or manipulate the victim. Social engineering is traditionally used in psychology, it has evolved and adapted into a major cyber-attack technique for gathering information. Today, the largest reason social engineering attacks are possible is human error. Many employees and users are not trained or knowledgeable about the different types of cyber threats. Because of that, hackers have used this social engineering against them. The main techniques are phishing, quid pro quo, pretexting, baiting, and tailgating. Each technique is either software-based or human-based. Each one focuses on one or many principles of social engineering. These principles include authority, intimidation, urgency, scarcity, and familiarity. By using psychology and these principles, attackers can convince or deceive the victim into clicking a virus link, making them insert an infected USB into a computer or use common courtesy against them. Though this is easier said than done, there are also many prevention methods one can use to protect themselves. These prevention methods include getting anti-virus, using VPNs, BYOD, and most importantly, learning and spreading awareness about social engineering attacks. This paper will discuss the techniques used and explain how to best prevent the threat.