Social Engineering Attacks: How They Work

We have good news and bad news. The bad news is cybercrime is on the rise, and cybercriminals get the valuable intel they use to breach your company via the cycle of social engineering attacks. 

The good news? 

You don’t have to be an expert on social engineering attacks to protect your business. Our expert managed IT team can train your company on how to prevent phishing attacks and other cyber security risks.

Social Engineering Attacks: The 4-Step Process

Step 1: Gathering Information

Cybercriminals spend a lot of time and resources sourcing information because the juicier the information, the easier the following steps will be. They might use a phishing technique, or simply try to “friend” or connect with you on social media. Your social media can work against you; a random connection can look at the photos you’ve posted and find a little something that tells them enough about you to give them a way in.

Step 2: Relationship-Building

Once they’ve gathered enough personal information about you, the next step is to try to build some sort of relationship with you. This can happen in all kinds of digital spaces: on social media, by email, phone call, text or anywhere else. The initial contact may seem innocent, but it’s a step toward something more sinister.

Step 3: Exploitation

Once they have some sort of relationship with you, it’s time to hook you. They might send you what appears to be a legitimate link about something you have an interest in, or trick you into giving them your email or password. Humans are wired to be social, and you are the weakest link in the chain. This step requires you to take some action, which makes it a great opportunity for training to make a big difference.

Step 4: Execution

BAM! You’ve been hacked and you don’t even know it. In fact, you might even think you’ve helped someone else out. By the time you realize you’ve been scammed, the criminal has already done the damage, covered their tracks and made their exit with zero digital footprints left behind.

What Happens When You Don’t Think Before You Post

Picture this: you had such a great time at a new restaurant, and the food was so good, that you decide to post a photo publicly on Facebook, Twitter, Instagram or some other social media platform, not just to your friends list.

Be careful here: Those types of photos contain much more information than you think. 

A picture is worth more than a thousand words; cybercriminals can get a lot of information from a photo in the form of metadata, and can even trick you into contacting them, thus finding out everything about you and your contacts.

One of the ways they gain your trust is by pretending they’re the manager of that restaurant, gym, movie theater, etc. You’re thanked for your patronage and offered discounts for the next time you come in. 

Pro tip: Don’t click on those links or respond. It’s just a phishing expedition that will lead to trouble.

Photos taken at your place of business are also full of information. Hackers can zoom in on your badges, on the computer screen in the background, or even on a post-it note in the frame, which may or may not have a password hastily written on it.

Enhance Your Social Media Cyber Security

Don’t become a target. Make yourself harder to pin down with these social media cyber security tips:

  • Think before you post, especially photos, and make sure there are no hints about your personal life – even ones that seem insignificant like your pet’s name. 
  • Trust no one who suddenly appears in your messages and encourages you to accept a freebie. Nothing is really ever free on the internet, and it could turn your life upside down.
  • Don’t lend your “expertise” about something to others on social media. Even if they seem legit, and even if you personally know them, remain wary and find another way of sharing with them offline.

If your social media account does get hacked:

  • Check all your financial accounts. If you see any suspicious behavior, report it and lock down the accounts. Tell your banks and credit agencies as soon as possible, and change your login credentials. The new password should be difficult, with random upper and lowercase letters, a non-dictionary word and special characters, and not one that has been used before on any account. Learn more about strong passwords in our Password Management Guide.
  • Change your passwords for all social media accounts starting with the one that was compromised. 
  • Notify your social network about the hack. Your hack could give cybercriminals a way to establish rapport with your friends and compromise their accounts, too.
  • Consider what accounts you may have used your social media account to log in to with the “login with Facebook” button. Change the account credentials and disable the “login with” feature. As mentioned earlier, individual passwords are more secure.

Fighting Social Engineering Attacks

At Intrust, we’re familiar with how cybercriminals behave because we keep up to date with their techniques. Contact us or book a meeting to learn more about the latest in cybercriminal behaviors.

Dave Hatter

Dave Hatter (CISSP, CCSP, CCSLP, CISA, CISM, PMP and ITIL) is a cyber security consultant, writer, educator and on-air media contributor. See hundreds of Dave’s expert interviews on cyber security on his YouTube channel, or tune in to 55KRC every Friday morning at 6:30 for his “Tech Friday” segment.


Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.
