In Security Jargon, Social Engineering is the act of using Non-Technical aspects for obtaining confidential information.  The attacker don’t need to have contact with the victim in person. These kind of attacks are called as social engineering attacks. Here the intended victim is tricked to do something needed by the attacker. A common example is phishing. It is a kind of social engineering attack. If you are still confused with this term, I can explain this with another example. Consider this, X wants to break into a computer network using  social engineering trick. He will try to gain the attention of Y who has access to authorize the network in order to get the required information for breaking the network’s security. This is known as social engineering attack.

MUST READ : Beware Of Phishers – A Brief Review

How to avoid being a victim of Social Engineering Attacks?

• Never provide your personal information or information about your company/organization unless you are certain of the person’s identity and authority to have that information.

• Never reveal personal and financial information in email and do not respond to email solicitations for this information. This includes the links sent in email.

• If you are not sure whether an email you got is legitimate or not, then try to verify it by contacting the company/organization directly indeed. Do not use the contact information provided in that email instead use the one from your previous emails.

• Always check the URL of a web site. Phishing web sites may look identical and genuine to a legitimate site, but the URL may slightly differ like misplaced words and letter. Also check the domain name extensions (Like .com or .org).

• Never send sensitive and worthy information over the Internet before checking the security of a website.

• Always be aware of unsolicited phone calls, visits and emails from individuals asking about your employees or other such information. Better try to verify his or her identity directly with the company.

If you are victim of this…..

• If you revealed sensitive information about yourself and your organization, report it to the concerned people within the organization.

• If  your financial accounts may be compromised then contact your financial institution immediately and close the accounts that may have been compromised.

• Consider reporting the attack to the police, and file a report with the Federal Trade Commission.

Don’t give any sensitive information to anyone unless you are sure about the person’s identity and that they should have access to the information. Choose not to be a victim.