Social Engineering is the practice of getting you to do something you normally wouldn’t do. This is done to gather data or information for further use, such as a cyberattack, or just to generate junk e-mail.
Social Engineering has many different faces, and can occur in person, via the phone, e-mail, website, or even traditional mail. In a social engineering attack, the perpetrator tries to gain your trust by posing as a person or entity you know or trust, in an attempt to gain confidential information or commit other types of fraud.
Have you ever received a call from someone claiming to be the IRS? Perhaps Windows Support? These attacks are called Vishing and are a form of social engineering using the phone. Their goal is to collect your personal information or to get you to provide an attacker access to your computer for all kinds of potential fraud.
A similar type of social engineering is where attackers register a website whose name is close to that of a well-known site, such as googlec.om, which may take you to a site that looks like Google, but may be passively trying to install malware on your system.
One particularly nefarious scam accuses you of accessing inappropriate material and claims that a government agency has locked your computer, requiring you to pay a small fine.
Another social engineering ploy is for hackers to drop a USB storage device in a key area of an organization (such as finance) in the hopes that someone will pick it up and inevitably insert it into their computer, where it can install various types of malware that can export interesting data, perform reconnaissance on the network of the organization, or start installing ransomware (more on this topic next week).