The Dynamics of Social Engineering and Cybercrime in the Digital Age

Nabie Y. Conteh, DeAngela “Dee” Sword
DOI: 10.4018/978-1-7998-6504-9.ch011


Social engineering attacks have emerged to become one of the most problematic tactics used against businesses today. Social engineers employ both human-based and computer-based tactics to successfully compromise their targeted networks. This chapter will discuss the basics of social engineering and what it means today. It will explain some common attack methods like baiting, phishing, pretexting, quid pro quo, tailgating, and dumpster diving. It will then highlight the impact social engineering has had on the rise in cybercrime and why threat actors have grown more innovative. Finally, this chapter will discuss what multi-layer defense or defense in depth is and offer countermeasures that can be enforced to defend against social engineering attacks.
Chapter Preview

II. Social Engineering Defined

Social engineering is a form of deception that hackers use to acquire sensitive information or to gain unauthorized access to infrastructure and facilities. All social engineering attempts can be classified into one of two main categories: technology-based deception or human-based deception (Thapar, n.d.). With technical tactics, the social engineer uses computer applications to trick users into carrying out a specific action. Human-based tactics, on the other hand, are performed by attackers who understand flaws in human psychology. Businesses should be conscious of both categories of social engineering tactics, because either approach could lead to a compromised network. The following are common types of social engineering attacks, though attackers are not limited to these methods:

  • Baiting: A hacker preloads malware onto external storage devices (e.g., CDs or USB drives) and strategically leaves them in public areas of the targeted business. Unsuspecting employees then pick up these CDs or USB drives, labeled with something like "company info," and plug them into their computers.

  • Phishing: Social engineers send fraudulent emails that may look legitimate to recipients. The email may request an action such as disclosing sensitive information or clicking a malicious link.

  • Pretexting: The malicious actors use masquerading and dishonesty to retrieve valuable information about a person or company. For example, the attacker calls an employee and requests that he or she validate their username and password "for security purposes."

  • Quid pro quo: The social engineer performs a good deed for the victim in hopes of gaining their gratitude. The victim is then more likely to return the favor, often by disclosing information or granting access.

  • Tailgating: The malicious actor waits near an entrance until an authorized employee enters, then follows that employee into the controlled area.

  • Dumpster Diving: Attackers rummage through a company's dumpsters or trash cans in the hope of finding useful information about the company, its employees, and its network.
