Social engineering is one of the largest threats to an organization as the attack is targeted and can come from a variety of avenues. Social Engineering uses manipulation, influence, or deception on the victim to gain access to personal or financial information, as well as control over a computer system or network. Social engineering uses the exploitation of a trusted relationship with trusted access by using deception and manipulation to convince the victim to click on a malicious link or attachment, give information, or reveal credentials. 

Social engineering attacks are effective as they target human qualities and emotions, such as fear, trust, and obligations. Social engineering attacks come in many different forms and are carried out anywhere people engage each other. Unlike mass phishing attacks, social engineering is highly personalized, with the attackers spending time, resources, and effort conducting research into the targeted victim and developing the attack, with each attack being customized for the given victim.  

Watch the video below to see what can happen when criminal elements cooperate with nation state actors, and then click “THINK” to test your knowledge. Finally, explore additional resources related to insider threat by clicking “DIG DEEPER.”