UK CERT Introduction to Social Engineering

Social engineering is one of the most prolific and effective means of gaining access to secure systems and obtaining sensitive information, yet requires minimal technical knowledge. Attacks vary from bulk phishing emails with little sophistication through to highly targeted, multi-layered attacks which use a range of social engineering techniques. Social engineering works by manipulating normal human behavioural traits and as such there are only limited technical solutions to guard against it. As a result, the best defence is to educate users on the techniques used by social engineers, and raising awareness as to how both humans and computer systems can be manipulated to create a false level of trust. This can be complemented by an organisational attitude towards security that promotes the sharing of concerns, enforces information security rules and supports users for adhering to them. Even so, a determined attacker with sufficient skill, resources and ultimately, luck, will be able to retrieve the information they are seeking. For this reason, organisations and individuals should have measures in place to respond to, and recover from, a successful attack.

UKCERT Social Engineering

Want more insight?

This content is restricted to members only. Members get access to all of the content on this site. This includes over 3000 Risk Intel Reports, the Attack Database (10,000 entries), over 3000 Intel Advisories, Threat Group Profiles on 500+ groups and over 100,000 curated OSINT excerpts. Your membership also supports the cost of producing our hand-curated Daily OSINT report.

Please consider becoming a member. For more information please click here. Thanks!
OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.