Social Engineering

Social engineering is a manipulative technique that exploits human psychology, trust, and emotions to get a target to perform specific actions or make specific decisions, often to their own detriment.

Phishing + SE

Although it is something of a loaded psychological topic, social engineering is often at the core of phishing attacks, where we attempt to deceive individuals into clicking links or sharing sensitive data through impersonation and manipulation tactics.

Social Engineering Examples

Example #1: Pretexting in Phone Scams

Pretexting is a form of social engineering where we create a fabricated scenario (or pretext) to obtain information from a target. In a phone scam, the attacker might pose as a trusted entity, such as a bank representative, and use a fake emergency to convince the victim to reveal account details. This tactic plays on the victim’s emotions and trust, making them more likely to comply.

Example #2: Phishing Emails with Urgent Messages

Phishing emails (our favorite medium) are a common vehicle for social engineering. Attackers craft emails that appear urgent or alarming, creating a sense of panic or fear in the recipient. These emails often claim that the recipient’s account has been compromised or that a critical action is required. By exploiting human emotions like fear and urgency, attackers trick individuals into clicking on malicious links or downloading malware.
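The two levers described above, impersonation and manufactured urgency, leave observable traces in a message. The following triage script is an added example, not code from the original page: it checks a raw email for sender impersonation (a display name that names a domain the real address does not belong to, or a Reply-To on a different domain) and for pressure phrases in the subject and body. The phrase list, scoring weights, and sample messages are all constructed assumptions to be tuned against your own mail corpus.

```python
"""Rule-based triage for social-engineering cues in email: urgency language plus
sender impersonation. Sample messages and the term list are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical pressure phrases; extend from your own phishing samples.
URGENCY_TERMS = [
    "immediately", "within 24 hours", "account has been compromised",
    "account will be suspended", "verify your account", "urgent", "act now",
]

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def sender_mismatch(msg):
    """True when the display name claims a domain (e.g. a bank's) that differs from
    the actual From domain, or when Reply-To points at a different domain."""
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    reply_domain = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    # Simplification: only .com/.org/.net look-alike brands are extracted from the name.
    claimed = re.findall(r"[a-z0-9-]+\.(?:com|org|net)", name.lower())
    return any(c != from_domain for c in claimed) or bool(reply_domain) and reply_domain != from_domain

def body_text(msg):
    if msg.is_multipart():
        return " ".join(p.get_payload(decode=True).decode(errors="ignore")
                        for p in msg.walk() if p.get_content_type() == "text/plain")
    return msg.get_payload(decode=True).decode(errors="ignore")

def urgency_hits(msg):
    text = (msg.get("Subject", "") + " " + body_text(msg)).lower()
    return [t for t in URGENCY_TERMS if t in text]

def triage(raw):
    """Score a raw RFC 822 message; impersonation weighs more than any single phrase."""
    msg = message_from_string(raw)
    hits, mismatch = urgency_hits(msg), sender_mismatch(msg)
    score = len(hits) + (3 if mismatch else 0)
    return {"urgency": hits, "sender_mismatch": mismatch, "score": score,
            "verdict": "suspicious" if score >= 3 else "ok"}

# Constructed samples: a lure that impersonates a bank, and an ordinary message.
SAMPLE = ('From: "Example Bank (example-bank.com)" <alerts@mail-verify.example>\n'
          'Reply-To: support@mail-verify.example\n'
          'Subject: URGENT: your account has been compromised\n'
          'Content-Type: text/plain\n\n'
          'Verify your account within 24 hours or it will be suspended.\n')
BENIGN = 'From: Alice <alice@example.org>\nSubject: Lunch tomorrow?\n\nAre we still on?\n'

if __name__ == "__main__":
    print(triage(SAMPLE))  # urgency hits plus sender mismatch -> suspicious
    print(triage(BENIGN))  # score 0 -> ok
```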

Additional Resources

  • https://www.social-engineer.org/framework
  • https://csrc.nist.gov/glossary/term/social_engineering
