Internet Security Definitions | Kaspersky Lab US

SECURITY DEFINITION

Social engineering is a set of techniques that cybercriminals use to lure unsuspecting users into sending them confidential data, infecting their computers with malware or opening links to infected sites. In addition, hackers may try to exploit a user's lack of knowledge; because technology moves so quickly, many consumers and employees don't realize the full value of personal data and are unsure how best to protect this information.

How Social Engineering Works - and How to Protect Yourself

Almost every type of attack contains some kind of social engineering. The classic email "phishing" and virus scams, for example, are laden with social overtones. Phishing emails attempt to convince users they are in fact from legitimate sources, in the hopes of procuring even a small bit of personal or company data. Emails that contain virus-filled attachments, meanwhile, often purport to be from trusted contacts or offer media content that seems innocuous, such as "funny" or "cute" videos.

In some cases, attackers use simpler methods of social engineering to gain network or computer access. For example, a hacker might frequent the public food court of a large office building and "shoulder surf" users working on their tablets or laptops. Doing so can yield a large number of passwords and user names, all without sending an email or writing a line of virus code.

Some attacks, meanwhile, rely on actual communication between attackers and victims; here, the attacker pressures the user into granting network access under the guise of a serious problem that needs immediate attention. Anger, guilt and sadness are all used in equal measure to convince users that their help is needed and that they cannot refuse.

Finally, it's important to beware of social engineering as a means of confusion. Many employees and consumers don't realize that with only a few pieces of information (name, date of birth or address), hackers can gain access to multiple networks by masquerading as legitimate users to IT support personnel. From there, it's a simple matter to reset passwords and gain almost unlimited access.

Protection against social engineering starts with education: users must be trained to never click on suspicious links and to always guard their log-in credentials, even at the office or at home. In the event that social tactics are successful, however, the likely result is a malware infection. To combat rootkits, Trojans and bots, it's critical to employ a high-quality Internet security solution that can both eliminate infections and help track their source.