Social Engineer

What Is a Social Engineer?

A social engineer is any person who uses deception, manipulation, and influence to extract information, gain unauthorized access, or cause individuals to perform actions that benefit the social engineer.

Social engineers can be malicious actors or people whose job is to “hack humans” to see how secure an organization is. 

Third-party definition 

A social engineer will manipulate their target using email, phone, or in-person tactics to acquire confidential information. Through observing personal mentalities, reoccurring routines, and relationships, the social engineer can develop the appearance of an individual you might naturally trust. – Relativity

What Is Social Engineering? 

Social engineering is an attack method that exploits human errors or vulnerabilities to obtain personal information, access, or valuables. Unlike traditional hacking, which targets computer systems, social engineering targets the human element in security systems.

Common Techniques Social Engineers Use 

Social engineers use a variety of techniques to manipulate others. These can include: 

  • Phishing. Sending fraudulent emails or messages that appear to come from reputable sources to trick recipients into revealing sensitive information or installing malicious files. 
  • Spear phishing. A phishing attack that targets specific individuals or organizations. Spear phishing emails and messages are often personalized to make them look more believable. 
  • Pretexting. When an attacker invents a scenario – or pretext – to trick their victim. 
  • Baiting. This technique involves the attacker using a false promise or reward to get the victim to share private information or do something they shouldn’t do. 
  • Quid pro quo. Where the attacker offers a benefit or service in exchange for information or access. The term is Latin for “something for something,” indicating a trade or exchange. 
  • Tailgating or piggybacking. Used to gain unauthorized access to buildings, offices, data centers, or other secure areas by following closely behind a person who is authorized to enter. This technique relies on exploiting human courtesy or the inattentiveness of the person being followed. 
  • Vishing (voice phishing). When an attacker calls their victim pretending to be someone else and tricks them into revealing sensitive information or performing some kind of action that puts them or their organization at risk. 
  • Smishing (SMS phishing). Similar to vishing, but instead of calling, the attacker sends their victim a text message. 
  • Whaling. A phishing attack that goes after “whales,” aka high-value targets such as executives. 
  • Business email compromise (BEC). BEC fraud typically involves an attacker gaining access to a corporate email account or creating an email account that appears to be from a company executive, employee, or business partner.
  • Honey trap. Using allure, charm, or seduction to manipulate, deceive, or gather information from a target. 

How to Reduce the Risk of Being Socially Engineered By a Social Engineer 

Many social engineering attacks start with attackers researching their targets. To reduce the risk of being socially engineered, assess your digital footprint and work on reducing it. 

The exact steps here depend on your particular situation (i.e., where your information appears online) but could involve hiding your social media profiles from public view, removing old forum posts and comments, shutting down old blogs, and opting out of data brokers.

That last step—opting out of data brokers—is particularly important. Data brokers collect personal information about people, compile it into profiles, and sell them to anyone for a small fee. Profiles can include details like your address, phone number, employment history, education, and even family members. We know for a fact that cybercriminals use data brokers in their reconnaissance. 

By removing your name from data broker databases and elsewhere online, you’re reducing the amount of information social engineers will have for crafting personalized scams. 

Assess your digital footprint regularly. When it comes to data brokers specifically, continuous opt-out is key, as brokers relist your profile when they find more data about you. Alternatively, subscribe to a data broker removal service like DeleteMe to have removal experts handle the process for you. 

Besides monitoring your digital footprint, you should stay on top of social engineering trends and follow best practices such as enabling multi-factor authentication, using antivirus software, and being skeptical of unsolicited requests and other unusual behavior.