Thursday 4 August 2011

What are Social Engineering Attacks?


A social engineering attack is one in which the intended victim is somehow tricked into doing the attacker's bidding. An example would be responding to a phishing email, following the link and entering your banking credentials on a fraudulent website. The stolen credentials are then used for everything from financial fraud to outright identity theft. An old adage comes to mind here, "it pays to be suspicious". With socially engineered attacks, the opposite is also true - if you aren't suspicious, you likely will end up paying.
In addition to phishing, social engineering attacks can come in many forms - email that masquerades as breaking news alerts, or greeting cards, or announcements of bogus lottery winnings. Pump and dump stock scams are also a form of social engineering, playing on the recipients' natural desire to take advantage of a good deal. It's important to remember that if something sounds too good to be true, it's probably a scam.

Social engineering attacks are also often used to trick users into infecting their own systems - for example, by disguising the malware as a video codec or Flash update. An email is sent enticing the recipient to view a bogus video clip; the victim visits the link contained in the email and installs the "codec/update", which turns out to be a backdoor Trojan or keystroke logger.
Remember: with social engineering scams, the attacker is relying on you to make the wrong choice. Choose not to be a victim.
