Page 103 - Cyber Defense eMagazine October 2023

and learning to recognize when these principles are being utilized is the first step in guarding against
            these psychological cyber-attacks.

            Authority
            This principle relies on employees complying with a request from an individual who they perceive to be
            in charge or in a position of power, regardless of whether they actually hold any influence.

            Intimidation
            Hackers use intimidation tactics to scare an individual into taking the action the social engineer
            wants.

            Consensus
            Most people want to do what others around them are doing, and cyber-criminals use this tactic to
            persuade unsuspecting people to act in the same way.

            Scarcity
            Scarcity exploits the perception of limited resources or opportunities to make something appear desirable.

            Familiarity
            Cyber-criminals leverage positive feelings towards the social engineer or the organization they claim to
            represent due to an existing bond.

            Trust
            Social engineers work to build a connection with the targeted employee.

            Urgency
            Urgency creates a false feeling of time-sensitive pressure to prompt individuals into making hasty
            decisions.


            Social Engineering Techniques

            Social engineers may use a variety of techniques – both technical and nontechnical – to implement the
            above principles when performing an attack.

            Technical Techniques

            One of the most common technical techniques an attacker may use is phishing. Phishing is a broad term
            that describes the fraudulent collection of information, often focused on usernames, passwords, credit
            card numbers, and related sensitive information. While email is one of the most common avenues for
            phishing, other methods include smishing (phishing via SMS), vishing (voice over IP phishing), spear
            phishing (targeted phishing), and whaling (senior employee phishing).

            One of the best ways an organization can defend against phishing attacks is through employee
            awareness training. A phishing attack can happen to anyone at an organization, so it is crucial that all
            employees are taught how to recognize and respond to phishing attacks.






