Social Engineering: Watch Out for These Threats Against Cybersecurity Experts

Many of us remember our parents saying not to take candy from strangers. Today, we can apply a similar mindset to avoid social engineering. 


Social engineering is the threat that keeps on coming back. Threat actors are learning to use even cybersecurity researchers’ best intentions against them. Let’s take a look at tactics threat actors use to target researchers and other experts. With social engineering getting inside people’s heads, how can you watch out for and prevent it?


What is Social Engineering?


Social engineering does something that purely technical attacks cannot: it gets into your head. It targets the rational and the irrational, the careful and the irresponsible, and on occasion it still succeeds against the knowledgeable and the paranoid.


What does social engineering mean in the context of cybersecurity? Most simply: it is the use of deceptive tactics against a target in order to gain access to resources for some fraudulent or malicious purpose. Or, in simpler terms: a con artist trying to dupe you by preying on your emotions.


Social Engineering Always Evolves


Exploiting emotions is key to any successful social engineering attack. One recent social engineering example, identified by Google’s Threat Analysis Group, demonstrates that malicious actors are going to great lengths to pull off their latest con. This novel threat, announced in January 2021 after several months of work, targeted security researchers with tactics we’ll discuss below.


You would think security researchers would have enough knowledge — and perhaps even be paranoid enough — to avoid a sneak attack on them. But the malicious actors still go back to what they know: emotions. Let’s briefly examine ..