Page 103 - Cyber Defense eMagazine October 2023
and learning to recognize when these principles are being utilized is the first step in guarding against
these psychological cyber-attacks.
Authority
This principle relies on employees complying with a request from an individual who they perceive to be
in charge or in a position of power, regardless of whether they actually hold any influence.
Intimidation
Hackers use intimidation tactics to scare an individual into taking the action the social engineer
wants.
Consensus
Most people want to do what others around them are doing, and cyber-criminals exploit this tendency to
persuade unsuspecting people to act in the same way.
Scarcity
Scarcity exploits the perception of limited resources or opportunities to make something appear desirable.
Familiarity
Cyber-criminals leverage the positive feelings a target has, due to an existing bond, towards the social
engineer or the organization they claim to represent.
Trust
Social engineers work to build a connection with the targeted employee.
Urgency
Urgency creates a false feeling of time-sensitive pressure to prompt individuals into making hasty
decisions.
Social Engineering Techniques
Social engineers may use a variety of techniques – both technical and nontechnical – to implement the
above principles when performing an attack.
Technical Techniques
One of the most common technical techniques an attacker may use is phishing. Phishing is a broad term
that describes the fraudulent collection of information, often focused on usernames, passwords, credit
card numbers, and related sensitive information. While email is one of the most common avenues for
phishing, other methods include smishing (phishing via SMS), vishing (voice over IP phishing), spear
phishing (targeted phishing), and whaling (senior employee phishing).
One of the best ways an organization can defend against phishing attacks is through employee
awareness training. A phishing attack can happen to anyone at an organization, so it is crucial that all
employees are taught how to recognize and respond to phishing attacks.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.