What is social engineering?

“Social Engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures,” states Margaret Rouse of TechTarget. Another way to think of social engineering is that an attacker exploits mundane human interactions that are taken for granted in everyday life to gain information, or access to locations and systems, that they should not have. “These schemes tend to play off of your social or business connections and strive to engage you through the course of normal activities. The goal is to get you to respond without even thinking about it by encouraging you to respond to your credit card company’s email when payment is due, impersonating one of your business partners to get you to share sensitive business information, or even something as simple as ‘tailgating,’ the term for walking close behind, encouraging you to open a door to a secure-access building,” says Tina Thorstenson, CISO of Arizona State University.

“Tailgating” is just what it sounds like: exploiting our culture’s common courtesy of holding doors open for someone who is walking close behind. An attacker will often wait near the location they are attempting to access, follow somewhat closely behind the victim, and wait for the victim to open the door. Once this occurs, it is very common for the person who opened the door to hold it open for the attacker. Most people do not stop to consider, “Does this person have the appropriate access to enter this building?” This seemingly innocent act leads to an even greater threat. Now that the attacker has gained access to a location that is supposed to be behind a security checkpoint, most people will just assume that the attacker belongs there, because the attacker must have presented the credentials to get into the building.

While this example is less common than some, it is a high-risk form of social engineering. We highlighted it to encourage you to rethink your normal routine and how you handle certain situations. Most attackers use this same thought process for phishing emails, vishing (voice call) campaigns, and other social engineering schemes carried out through social media or even texting. Ultimately, being mindful can prevent these attacks from being successful. Suspicious behavior should be treated with caution, especially if it’s unsolicited. It’s important to take a moment to pause and think before you respond.