Social engineering is the art of manipulating people so that they divulge confidential information.
Often, no matter how much is spent on sophisticated technical protection such as firewalls, it is people who are the weak point.
Blagging (or pretexting) refers to using an invented scenario to increase the chances of the victim divulging information.
This could include impersonating an employee of a company, posing as a delivery person, or pretending to be in trouble and in need of money.
Phishing is the technique of fraudulently obtaining private information, often via email or SMS.
Phishing attacks often persuade people to click on links so that the attacker can obtain their personal details.
Pharming means creating fake versions of websites where victims enter their details.
This is the most common form of phishing attack. Many pharming attacks will use fake versions of banks or online shops like Amazon.
Phishing attempts often contain a number of clues:
Shouldering means obtaining someone's private information (PIN, password, etc.) by watching while they enter it.
Unlike other forms of social engineering, shouldering requires close physical proximity to the victim and therefore cannot be carried out remotely.
How could a network be protected against social engineering?
• Educate people about the methods that hackers use
• Implement effective user access levels
• Utilise two-factor authentication
• Use a password manager and don't reuse passwords