Hi everyone. This post is hopefully the first in a series that I would like to do. As I make my journey into the cyber/information security field, I am called towards the awareness and education side of things. I hope that I can help explain things related to cyber and information security (or InfoSec) to non-technical, everyday people.
I don’t want these to be long, lengthy, drawn-out posts. It is my goal to make these short, sweet, and to the point. I hope you enjoy these, and hopefully learn something from them as well. 🙂
With that said…
What is social engineering?
Quite simply, social engineering is a con game. It’s just the term used in the tech industry. Just like a con, a person uses whatever tricks or tools at their disposal to accomplish their goal. That goal could be something such as:
- Gain access to a building
- Obtain your personal data
- Gain access to a company’s internal network resources
How would such a person accomplish these goals? Well, to reference the above examples, a malicious person might:
- Impersonate a delivery employee
- Calling/texting you pretending to be your bank and needing you to “verify” your account information
- Receiving an email from someone claiming to be a supervisor/high-level executive asking you to “open and verify this document for me before I walk into this big-time meeting”
Social engineering is certainly nothing new. It’s just a con game with a different name. I hope this helps you understand better when you hear or read about social engineering.
Please, feel free to let me know if there are any other questions or topics you would like to ask.