What exactly is social engineering, and how do we protect ourselves?

Published on December 6, 2021
Have you ever been a victim of social engineering? If you answered no, consider yourself lucky, as more than 1 in 10 employees fall for social engineering attacks. Also, according to FBI data, social engineering attacks cost businesses $130,000 through stolen money or destroyed data. So what exactly is social engineering? Social engineering can be defined as the act of exploiting human weaknesses to gain access to personal information. It is based on the psychological manipulation of people to con them into performing specific actions. It does not involve hacking computer systems to penetrate a target's account. Social engineering is not new. In the mid-sixties, the famous real-world social engineer Frank Abagnale, Jr., who was played by Leonardo DiCaprio in the movie Catch Me If You Can, posed as a Pan Am pilot, a doctor, and a prosecutor to avoid paying for services.

Staggering data

Looking at the most recent studies on social engineering is eye-opening. Not only is social engineering widespread, but its victims include even IT professionals. Here are five stats that are worth highlighting:
  • 98% of cyber-attacks rely on social engineering.
  • 43% of IT professionals say they have been targeted by social engineering in the last year.
  • 45% of employees click emails they consider to be suspicious “just in case it’s important.”
  • 47% of employees cited distraction as the main factor in their failure to spot phishing attempts.
  • An estimated 70–90% of breaches are caused by social engineering.

Real-life examples of social engineering

Among the most significant social engineering attacks was one by Lithuanian national Evaldas Rimasauskas against Google and Facebook. Rimasauskas and his team set up a fake company, pretending to be a computer manufacturer that worked with Google and Facebook. They then sent phishing emails to specific employees of the two companies directing them to deposit money into the fraudulent accounts. Between 2013 and 2015, Rimasauskas cost the two tech companies over $100 million. In another case, Chinese plane parts manufacturer FACC lost nearly $60 million when scammers impersonated high-level executives and tricked employees into transferring funds.

Types of social engineering attacks:

Social engineering comes in different forms. Here are some of the most common ones:
  • Baiting: When a scammer uses a false promise to entice a victim into a trap where personal and financial information is stolen, or the system is infected with malware.
  • Pretexting: An attack in which the attacker creates a scenario to try and convince the victim to give up valuable information, such as a password.
  • Phishing: It’s when an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker.
  • Quid pro quo: This involves a hacker requesting critical data or login credentials in exchange for a service.
According to the FBI, phishing was the most common type of cybercrime in 2020.  

Tips to prevent social engineering attacks:

Here are some things to remember to prevent social engineering scams:
  • Don’t download files you don’t know or weren’t expecting.
  • Think before you click.
  • Treat unsolicited offers and prizes as fake.
  • Delete any requests for personal information or passwords.