Social Engineering: Is Your Company at Risk?


Social engineering is a tactic used by cyber criminals to manipulate individuals into giving up confidential information such as Social Security numbers, credit card numbers, passwords, etc.

In the cybersecurity world, users are the weakest link in the security chain, which is why people are the target when it comes to social engineering.

It doesn’t matter how many security measures you have in place.

You can have locks on your doors, an alarm system, the latest firewalls, and network or security monitoring tools; all it takes to hack into your network is to trick a user into clicking on a malicious link they think came from a social media site.


What Is An Example Of Social Engineering?

Social engineering is responsible for many attacks.

In fact, employees open more than 1 out of 4 business email compromise attacks, according to Abnormal Security.

Attackers will use whatever means necessary to gain access to a company's network and steal personal information.

Criminals will sometimes take weeks or even months to do research about companies and their employees on social media like LinkedIn, Twitter, or Facebook before coming in the door. 

In your workplace, how often have you heard phrases like:

  • “Could you hold the door, please?”
  • “My hands are full.”
  • “I forgot my badge.”

Even though the individual may not seem suspicious, this is a very common tactic used in this type of cyberattack.

On the phone, a social engineer might call and pretend to be a trusted person (law enforcement, co-worker, IT support, bank auditor, etc.) in the hopes you'll reveal sensitive data. 


What Are All The Types Of Social Engineering?

There are many types.

Below, we've listed the most common. 



Phishing is the most common technique.

Phishing is a technique used to convince people to open emails or attachments infected with malware.

Criminals will usually start phishing campaigns by creating a web page that looks familiar to the user, like Outlook, Amazon, or a social networking site.

They will then send a crafted email to the company without targeting a specific user.

Clicking on any link in these emails will take users to a login page asking them to provide their login information.

This eventually will lead to requesting credit card information or any potentially sensitive information.

As a precaution, never open links or attachments that are from unknown sources.

It is best to report it when in doubt.

This helps reduce the risk of getting compromised and increases the level of awareness of phishing scams.



Pretexting is another form of social engineering where attackers pretend to be someone else to obtain sensitive information.

Pretexting can be used to create a whole new identity and then use that identity to manipulate users.

For instance, a criminal may call and claim he's from the HR department, and ask you a few questions.

When the criminal has the information he wants, he will sell it to people who may use it to steal your company’s assets or even sue you.



This usually starts with a criminal striking up a friendly conversation to talk their way into accessing a restricted area of your business.

This could be as simple as an employee opening a door and holding it open for another person to enter, without any proof that the person they let in had the authorization to enter.



Baiting is simply offering users something free.

An attacker might offer you free movie or music downloads.

These, of course, contain malicious programs.

In another instance, an attacker might leave an infected USB flash drive in a public place, hoping someone will pick it up and use it on their devices.


Protecting Your Business Against Social Engineering

Social engineering should be a concern for organizations of any size, big or small.

Therefore, prevention and education play a key role in avoiding incidents.

Integrity can assist and support your organization with a customized security bundle that addresses these common threats.

The goals are to:

  • Minimize your risk associated with these threats,
  • Reduce the likelihood of a security breach,
  • Help your people become "protectors of information," and
  • Demonstrate due diligence on behalf of your organization related to security compliance.

Integrity's Information Security Advisor and dedicated Security Services Team are ready to assist you with:

  • Ongoing Security Awareness Program - Employee Education
  • Multifactor Authentication - Protecting Against Credential Theft
  • Mobile Device Management - Policy Creation, Support, and Management Tools
  • Advanced Management Security Monitored Compliance Reporting

Contact us for more information.
