Social Engineering Attacks: Definition, Methods & Prevention


Unlike typical hacking attempts, which focus on vulnerabilities in computer systems, social engineering attacks rely on deception and psychological manipulation of people. Victims hand over sensitive information or access to a system. They may not realise they've made a mistake until days, weeks, or even months later.

What Is Social Engineering?

Technology users know they should protect sensitive information from outsiders. But during a social engineering attack, they're tricked into trusting a person, entity, or piece of hardware so a hacker can exploit that trust and gain access to systems.

The word "social" refers to the human part of this attack. Humans are generally trusting, and we want others to like us. We also tend to bow to those in authority. A hacker uses these traits against us during a social engineering attack. 

We'll dig into examples in a moment. But for now, let's describe the steps hackers typically follow to pull off an attack like this. Your attacker will:

  • Prepare. Your hacker might look for a specific target within your organisation. Or the hacker seeks out vulnerabilities in your physical office layout or digital platforms. Then, the hacker determines the best attack approach. 
  • Capture. The hacker launches the attack and hopes to inspire trust. The victim is pulled in, and the real danger begins. 
  • Complete. The hacker ends the attack and hides all the evidence. 

No lights flash or bells ring when you're a victim of a social engineering attack. Instead, the hacker silently steals the data and disappears into the vapour.

8 Social Engineering Attack Examples

We've described how or why people might launch social engineering attacks. But what does one really look like, and how does it work? Let's dive into a few descriptions and real-world examples.

1. Baiting

Your hacker sets up a false promise, and you're somehow encouraged to learn more or take advantage of it. When you do, the hacker launches malware that infects either your device or your company's server.

North Korean hackers used this technique against American securi