Social Engineering Attacks: How They Work

Social Engineering Attacks How They Work

We have good news and bad news. The bad news is cybercrime is on the rise, and cybercriminals get the valuable intel they use to breach your company via the cycle of social engineering attacks. 

The good news? 

You don’t have to be an expert on social engineering attacks to protect your business. Our expert managed IT team can train your company on how to prevent phishing attacks and other cyber security risks.

Social Engineering Attacks: The 4-Step Process

Step 1: Gathering Information

Cybercriminals spend a lot of time and resources sourcing information because the juicier the information, the easier the following steps will be. They might use a phishing technique, or simply try to “friend” or connect with you on social media. Your social media can work against you; a random connection can look at the photos you’ve posted and find a little something that tells them enough about you to give them a way in.

Step 2: Relationship-Building

Once they’ve gathered enough personal information about you, the next step is to try to build some sort of relationship with you. This can happen in all kinds of digital spaces: on social media, by email, phone call, text or anywhere else. The initial contact may seem innocent, but it’s a step toward something more sinister.

Step 3: Exploitation

Once they have some sort of relationship with you, it’s time to hook you. They might send you what appears to be a legitimate link about something you have an interest in or trick you into giving them your email or password. Humans are wired to be social, and you are the weakest link in the chain. It requires you to take some action and is a great opportunity for training to make a big difference. 

Step 4: Execution

BAM! You’ve been hacked and you don’t even know it. In fact, you might even think you’ve helped someone else out. By the time you realize you’ve been scammed, the criminal has already done the damage, cleaned up their footprints and ensured their exit strategy with zero digital footprints left behind. 

What Happens When You Don’t Think Before You Post

Picture this: you had such a great time at a new restaurant and the food was so good, you decide to post a photo on Facebook, Twitter, Instagram or some other social media platform publicly, not just to your friends’ list.

Be careful here: Those types of photos contain much more information than you think. 

A picture is worth more than a thousand words; cybercriminals can get a lot of information from them in the form of metadata and even trick you into contacting them, thus finding out everything about you and your contacts.

One of the ways they gain your trust is by pretending they’re the manager of that restaurant, gym, movie theater, etc. You’re thanked for your patronage and offered discounts for the next time you come in. 

Pro tip: Don’t click on those links or respond. It’s just a phishing expedition that will lead to trouble.

Photos taken at your place of business are also full of information. Hackers can zoom in on your badges or the computer screen in the background, even on a post-it note which is in the frame, which may or may not contain a password hastily written down on it.

Enhance Your Social Media Cyber Security

Don’t become a target. Make yourself harder to pin down with these social media cyber security tips:

  • Think before you post, especially photos, and make sure there are no hints about your personal life – even ones that seem insignificant like your pet’s name. 
  • Trust no one who suddenly appears in your messages and encourages you to accept a freebie. Nothing is really ever free on the internet, and it could turn your life upside down.
  • Don’t lend your “expertise” about something to others on social media. Even if they are legit, if you personally know them, remain wary but find another way of sharing with them offline.

If your social media account does get hacked:

  • Check all your financial accounts. If you see any suspicious behavior, report it and lock down the accounts. Tell your banks and credit agencies as soon as possible, and change your login credentials. The new password should be difficult, with random upper and lowercase letters, a non-dictionary word and special characters, and not one that has been used before on any account. Learn more about strong passwords in our Password Management Guide.
  • Change your passwords for all social media accounts starting with the one that was compromised. 
  • Notify your social network about the hack. Your hack could give cybercriminals a way to establish rapport with your friends and compromise their accounts, too.
  • Consider what accounts you may have used your social media account to log in to with the “login with Facebook” button. Change the account credentials and disable the “login with” feature. As mentioned earlier, individual passwords are more secure.

Fighting Social Engineering Attacks

At Intrust, we’re familiar with how cybercriminals behave because we keep up to date with their techniques. Contact us or book a meeting to learn more about the latest in cybercriminal behaviors.

Posted in
Dave Hatter

Dave Hatter

Dave Hatter (CISSP, CCSP, CCSLP, CISA, CISM, PMP and ITIL) is a cyber security consultant, writer, educator and on-air media contributor. See hundreds of Dave’s expert interviews on cyber security on his YouTube channel, or tune in to 55KRC every Friday morning at 6:30 for his “Tech Friday” segment.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

Fundamentals of Information Technology Management - Intrust

IT 101: What Is Information Technology Management?

When was the last time you stopped to think about how your business relies on technology? Information technology management is...
Avoid Pig-Butchering - Intrust IT

Pig-Butchering Scams: What They Are and How to Stay Safe

At Intrust IT, we understand that it may feel like the specter of cybersecurity is always breathing down your neck....
3 Reasons to Replace Aging Equipment - Intrust IT

Three Compelling Reasons Your Company Should Replace Its Aging Computers Before Year-End

As the end of the year approaches, businesses everywhere are evaluating their budgets and looking for strategic opportunities to invest...
What are managed services - Intrust IT

What Are Managed Services? And What Are the Benefits?

Running a business in today’s tech-driven world means you need reliable IT infrastructure. But let’s be honest, managing IT in-house...
Windows 10 End of Life How This Could Impact Your Business - Intrust IT

Windows 10 End of Life: How It Could Impact Your Business

As Microsoft officially plans to end support for Windows 10 on October 14, 2025, businesses need to begin thinking ahead....
AI implementation Roadmap Intrust IT

Master AI Integration With Our AI Implementation Roadmap Guide

AI is one of the greatest technological breakthroughs of the last few years. It has become our handy assistant, data...