Social Engineering Examples in 2023

By Amos Aesoph, Xigent CISO

Social Engineering

Social engineering examples are important to know in 2023 for a handful of reasons. The primary one is that 90% of all cyberattacks involve social engineering, which is the art of manipulating your employees to gain control over your organization’s computer system. Cybercriminals look for various opportunities to motivate you to act. Here are a few examples of social engineering and ways to prevent them:

Phishing:

An attacker may send an email appearing to be from a trusted source (e.g. a bank or a well-known company) and ask the recipient to click a link or download an attachment that appears legitimate, but actually contains malware that can be used to breach the recipient’s security.

Baiting:

An attacker may leave a physical device (e.g. a USB drive) in a public place, or even outside an organization’s building. The attacker hopes that someone will pick up the device and plug it into their computer, inadvertently allowing malware to infect the system.

Pretexting:

An attacker may impersonate a trustworthy individual or authority figure (e.g. a company executive or a law enforcement officer) and use social engineering techniques to trick the victim into revealing sensitive information or performing an action that compromises security.

Spear Phishing:

Spear phishing is similar to phishing, but the attacker targets a specific individual or group, often with information gained through social media or other public sources, and creates a personalized message that appears trustworthy. This increases the likelihood of the victim taking action, such as clicking a link or downloading an attachment.

Social Engineering Prevention

While new tactics emerge from day to day, certain common traits can serve as red flags that you may be targeted in a scam. According to Xigent’s partner KnowBe4, simply asking yourself four questions can help you prevent social engineering. If the answer is yes to any of the following, be suspicious:

  1. Does the message arrive unexpectedly? We all get messages every day that we don’t expect, but an email, call, or text that comes without warning is more likely to be social engineering.
  2. Is this the first time a sender has asked you to perform the requested action? If your coworker or CEO has never asked you to send money, execute a program, or provide a password, you need to think twice before acting.
  3. Does the request include a “you need to do it NOW” stressor? Cybercriminals don’t want you to stop to think about what they’re asking. They create a false sense of urgency to get you to act without asking questions.
  4. If the request is malicious, can performing it harm your interests? If the action you’re being asked to take could potentially hurt you or others, such as providing confidential information, stop and think. Ask some more questions before you do anything more.
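The four questions can also be approximated in a mail-triage script that marks messages for a closer look. The following is an added example, not code from Xigent or KnowBe4; the function name `red_flags`, the keyword patterns, and the use of `In-Reply-To` as a stand-in for "expected" are assumptions, and it handles single-part plain-text messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Action categories come from question 2 (send money, execute a program,
# provide a password); the keyword patterns are assumptions for this sketch.
ACTIONS = {
    "send_money": re.compile(r"\b(wire|transfer|gift cards?|invoice|payment)\b", re.I),
    "run_program": re.compile(r"\b(install|run|open|enable macros?)\b.*\b(attach\w*|file|program)\b", re.I),
    "give_password": re.compile(r"\b(password|passcode|verification code|log ?in)\b", re.I),
}
URGENCY = re.compile(r"\b(urgent|immediately|right now|asap|within \d+ (minutes?|hours?))\b", re.I)

def red_flags(raw, sent_ids, prior_requests):
    """Return which of the four questions are answered 'yes' for one message.

    sent_ids: Message-IDs of mail the user sent (a reply to one is expected).
    prior_requests: set of (sender, action) pairs this user has seen before.
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    asked = {name for name, rx in ACTIONS.items() if rx.search(text)}
    flags = set()
    if msg.get("In-Reply-To", "").strip() not in sent_ids:
        flags.add("unexpected")            # question 1
    if any((sender, a) not in prior_requests for a in asked):
        flags.add("first_time_request")    # question 2
    if URGENCY.search(text):
        flags.add("urgency")               # question 3
    if asked:
        flags.add("harmful_if_malicious")  # question 4
    return flags

# Constructed sample message, not taken from a real incident.
SAMPLE = """\
From: CEO <ceo@example.com>
To: pat@example.com
Subject: Urgent request

Please buy gift cards and send me the codes immediately.
"""

if __name__ == "__main__":
    print(sorted(red_flags(SAMPLE, sent_ids=set(), prior_requests=set())))
```

Any non-empty result means the message deserves a second look; a vendor that regularly sends invoices would still raise the first and fourth flags, which is why the output is a prompt for a human check rather than a verdict.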

One of the best ways to cut the effectiveness of social engineering with your employees is to educate them on the latest tactics and threats being used by cybercriminals. Effective training can help transform your employees from your biggest security liability to your first line of defense against social engineering.

Xigent consultants can help you assess your organization’s operations and security practices and create a multi-layered security program, including training, that meets your unique needs.
