Introduction to Social Engineering

Social engineering attacks manipulate human psychology to gain sensitive information. Unlike technical hacks, they exploit trust and social interactions. Awareness is key to mitigation.

Phishing, pretexting, baiting, and tailgating are common tactics. Attackers often impersonate trusted entities. Surprisingly, 98% of cyber attacks involve some form of social engineering.

Techniques like reciprocity, authority, and scarcity are often employed. Attackers use fear, urgency, and curiosity to prompt quick, unthinking actions. Even simple social cues can be weaponized.

Notable cases include the 2016 Democratic National Committee email breach. Attackers posed as Google to trick users into revealing passwords. Lesser-known: attackers once used a USB labeled 'Confidential' to breach a corporate network.

Education and awareness are crucial. Regular training, simulated attacks, and multi-factor authentication can significantly reduce risks. Encouraging skepticism and verifying sources can thwart many social engineering attempts.

In 2003, a social engineer tricked an entire company into believing a fake employee existed, even assigning him a desk and tasks.