Social engineering tactics used by scammers involve exploiting human characteristics like curiosity, impatience, gullibility, tech addiction, and burnout. Perry Carpenter, chief evangelist and security officer for KnowBe4, shares common social engineering hacking tactics and ways to limit the risk they pose.
Social engineering is one of the most prevalent attack vectors scammers use to manipulate people into performing an unsafe action, such as downloading an attachment, clicking on a URL or divulging personal or sensitive information. The growth in social engineering has been remarkable: in 2021 alone, social engineering threats grew by 270%, while an estimated $6.9 billion was stolen using social engineering scams.
Popular Social Engineering Techniques
Threat actors are keen observers of human behavior. They know that people are fairly predictable and possess inherent weaknesses (such as blind trust, gullibility, curiosity and biases) that can be exploited for scams and hacks. Let’s look at some popular social engineering techniques used by scammers and cybercriminals:
- Phishing & smishing: Phishing is one of the most well-known tricks in the book of social engineering. It typically takes the form of a legitimate-looking email, social media message or text received on your phone (a.k.a. smishing). The message usually contains a request, prompting the target to perform an action such as replying to the email, downloading an…
