The most common social engineering attacks

Tamlin Magee
Tamlin Magee

Tamlin Magee

Tamlin is online editor at Techworld and ComputerworldUK. He has previously covered a wide range of beats at a variety of publications, from European channel markets, enterprise cloud and privacy to architecture, design, film and music. He is particularly interested in the intersection between technology, the political sphere and the day-to-day.

Share

The human is the weakest link in the chain of security - you can have all the best technology in place to offset the risk of a malicious attack, but any organisation that doesn't train its staff or have best practices in place is at even bigger risk.

In fact, the most effective form of compromising a network is targeting people, using deception to gain access to internal systems, email accounts, or grab compromises. Attackers making the most of their guile are the most difficult to protect against, because they depend on plain dumb human error or mistakes. This is called social engineering, and it's worth taking stock of what the most common techniques are in order to protect against them.

Social engineering at its core is the art of lies and manipulation, the oldest tactics that there are. In fact, even though the threat landscape is getting more sophisticated, it's the low-hanging fruit of spray-and-pray phishing approaches that often do the most damage. There have been plenty of books written on the matter, so this is a loose guide rather than anything definitive, but read on for some of the most common attacks.

This is by no means an exhaustive list - books have been written on the matter - but read on for some of the most common types of social engineering attacks.

Share