Recapping Social Engineering Attacks

Social Engineering Cybersecurity Attacks

Dumpster Diving | Tailgating | Baiting | Impersonation

Work through the summary below to review the definitions of social engineering attacks and be reminded of the main red flags to look out for and best practices to defend against social engineering attacks.

Definitions

Dumpster Diving:

Searching through trash for information that could be used in a cybersecurity attack.​

Tailgating:

Also known as piggybacking, it takes place when someone without proper authentication follows an authenticated employee into a restricted area​. Digital tailgating is requesting the use of a digital resource without proper authentication​.

Baiting:

Using a false promise to lure victims into a trap that steals their personal information or infects their system with malware​.

Impersonation:

The social engineer impersonates or plays the role of someone you are likely to trust or obey convincingly enough to fool you into allowing access to your restricted space, to information, or your network.

Red flags and best practice

Suspicious and out of the ordinary behavior or occurrences are the main red flags to look out for in terms of social engineering attacks. Be especially vigilant in instances where you have won a prize, been given a gift, or received a missed package notification that you were not aware of.

Implement the following best practices to defend against social engineering attacks:

• destroy any resources and delete all data containing personal information when it is no longer needed.
• use a firewall to prevent attackers from accessing discarded data.
• never allow someone without proper authentication into a restricted area or to use your electronic resources.
• avoid revealing information, especially out of trust, fear​, curiosity, or greed.
• be skeptical about anything out of the ordinary​.
• never plug in a found or gifted USB thumb drive.
• update and adhere to your organization’s policies and procedures.