  • bavina5

How Does Social Engineering Affect your Decision Process?

What is social engineering, and how does it affect your decision-making process? Social engineering is the practice of cybercriminals manipulating someone into doing something that is not in their best interest. It is often used to commit fraud, gain account access, or build a profile for a bigger score.

Here are some of the key factors for social engineering:

· A favor for a favor. People are more trusting of someone from whom they have received a gift or favor, and may feel obliged to return the favor or be too trusting of the other party.


more likely to act without a second thought. Social media is an excellent source for this type of information.


· A place of authority. People tend to comply with figures of authority, either out of fear of getting in more trouble or because it is ingrained in people to trust authority figures even when things do not seem right.


· Acceptance is a powerful motivation to go along with a crowd or movement.


· Demand is also a way to get people to act and make snap decisions without thinking things through. Demand creates the fear of missing out or letting the deal of the century pass you by.




· Laziness or routine tasks can cause someone to overlook minor details that can be catastrophic. For instance, a cybercriminal might change a domain by one letter, like an l to a 1. I witnessed this firsthand. An executive regularly sent money wires out to companies for payment. A request for $5000.00 came by email from the executive to send to a company. The request was ready to send, and the executive happened to walk by the office of the person fulfilling the request when she mentioned, “Your request is ready to be sent.” He replied, “What request?” The domain had been altered by one character. The email and signature were a perfect match.


What can be done to minimize social engineering?

· Train end-users

· Have a zero-trust policy


for the crucial functions of your business. (double-check and confirm)

· Have policies and procedures in place to guard against attacks

· Simulate events to confirm training or expose weaknesses in your training. Failure is a powerful learning tool, and tipping staff off to simulations will not help anyone.

· Review your policies and procedures regularly; you must be flexible and vigilant to keep up with an ever-changing threatscape.

