Social engineering is a manipulation technique that tricks people into divulging information or taking action. It works by taking advantage of people’s cognitive biases.
For instance, social engineering attacks use our tendency to trust people we perceive as likeable, attractive, or authority figures against us. An employee will react differently to an email from a co-worker asking for an update than to the same request from their manager or CEO.
How Does Social Engineering Work?
Most social engineering attacks rely on actual communication between attackers and victims. It could be by email, phone call or even in-person interaction. The attacker tends to motivate the user into compromising themselves by convincing them to share or exchange information.
Let’s look at how different social engineering attacks work:
Phishing is a cyber-attack that uses disguised email as a weapon. Scammers use email or text messages to trick you into giving them your personal information. Scammers launch thousands of phishing attacks like these every day — and they’re often successful.
The most common pretexts in phishing emails or texts are that they:
- say they’ve noticed some suspicious activity or login attempts
- claim there’s a problem with your account or your payment information
- say you must confirm some personal information
- include a fake invoice
- want you to click on a link to make a payment
- say you’re eligible to register for a government refund
- offer a coupon for free stuff
- offer updates on coronavirus and/or vaccination
Like phishing, baiting involves offering you something enticing in exchange for login information or private data. The bait comes in many forms, both digital, such as web links and websites, and physical, such as a corporate-branded flash drive labelled “Executive Salary Summary Q3” that is left out on a desk for you to find. Once the bait is downloaded or used, malicious software is delivered directly into your system, and the hacker can get to work.
Quid Pro Quo
Similar to baiting, quid pro quo involves a hacker requesting critical data or login credentials in exchange for a service. For example, an employee might receive a phone call from a hacker who, posing as a technology expert, offers unfamiliar IT assistance in exchange for login credentials. Another typical example is a hacker who, posing as a researcher, asks for access to the company’s network as part of an experiment in exchange for $100. If an offer sounds too good to be true, it probably is quid pro quo. As part of our strict security policy, an Idealogical technician will never ask you for your login credentials to troubleshoot your IT issues.
Piggybacking is like tailgating: an unauthorized person physically follows an authorized person into a restricted corporate area or system. One tried-and-true piggybacking method is when a hacker calls out to an employee to hold a door open for them because they’ve forgotten their ID card. Another strategy involves asking to “borrow” your laptop for a few minutes, during which the criminal can quickly install malicious software.
Impersonation is also known as a pretext attack. It is the human equivalent of phishing: a hacker creates a false sense of trust between themselves and you by impersonating a co-worker or a figure of authority well known to you in order to gain access to login information. Here is everything you need to know about impersonation attacks.
Introducing Newly Revamped Idealogical Core Values
At Idealogical, we are constantly evolving with the rapidly changing world of small business and company culture. We believe having clear company core values helps us ensure that all of us at Idealogical are working towards the same goals while retaining our strong company culture.
One of our goals for the first quarter of 2021 was to update our previously defined 10 core values to make them relevant to the changing times.
We framed our first set of core values in late 1998. At the time, we were inspired by several businesses that put their company culture into words through a set of shared values. Many of our previous values were derived from who we truly were as a company. These values have served as a guide for Idealogical in many things.
It’s been nearly two decades since we initially defined our company values. Although they have gone through a few minor updates throughout the years, we hadn’t truly revisited them in a significant way.
Meanwhile, our Idealogical team has grown and will continue to grow fast. Our culture has changed and evolved, and with it, our values.
So, in 2021, it was time to look at our values in a new light.
Here are our new core values: