22 Aug 2017

Protect yourself from social engineering

In this series, Black and White bring you information to better equip you for work, life and play in a smartphone world.

What is Social Engineering?

Social Engineering involves some form of psychological manipulation whereby unsuspecting users are fooled into disclosing private, confidential or sensitive information.

Social engineering most commonly occurs over email and targets the emotions: urgency and fear are used to trigger a prompt response from the victim.

Because social engineering targets human emotions, it is tricky for big companies and enterprises to prevent it from happening to their employees and constituents.

Social Engineering vs Hacking

Social Engineering is not hacking because information is shared and not stolen, even though the means of accessing that information may be dubious. Hacking involves the use of computer technologies to gain unauthorised access to systems and networks. If you have willingly or accidentally shared or disclosed personal information to someone, you have not been hacked.

What to look out for

Social Engineering is impervious to ICT systems because it harnesses social interaction to fool the victim. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity.

What are some common forms of Social Engineering?

Phishing and Spear Phishing – Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organisation. Spear phishing is when that source is supposedly someone you know.

Organisations to suspect:

Charities during natural disasters, epidemics or health scares, major political elections, holidays or times of economic surge or strife.

Ransomware – Ransomware usually arrives as a phishing email sent with an attachment that reads “URGENT”. The attachment might have a file extension of “PDF.zip” or “PDF.rar”. The attack often encrypts the entire hard disk of your computer and your documents, and demands a bitcoin payment to unlock them.

How can you protect yourself

  • Set strong passwords
  • Use two-factor authentication
  • Never share, distribute or tell others confidential information such as passwords and PINs
  • Be sceptical of unsolicited emails
  • Be mindful of where you are logged in and of notifications about your account activity

What can you do if you get attacked

  • Report it to the social media platform
  • Report it to your workplace
  • Report it to the office of e-safety

For more information or to report a case of social engineering visit the E Safety office website
