Blog Image
Subscribe to our blog

Social Engineering: Understanding the Importance of Cybersecurity

Email is not what it once was. In the past, we could receive an email from friends and family and not hesitate to open it. The joy of receiving an email from a loved one quickly turned into urgency as you raced to open it and see what they wrote. That feeling of trust and joy is exactly what internet hackers are now trying to exploit through social engineering.

Social engineering is a technique used to manipulate individuals into giving up valuable information. There are several different techniques used to obtain information: these include emails, personal contacts and phone calls. As if cluttered inboxes, anti-virus pop ups and spam filters were not enough, we now should inspect with caution every single email, phone call and person that we come across every day.

Over time, security equipment like firewalls and routers have become very sophisticated and difficult to hack. Rather than trying to break through these devices to get the data they are searching for, hackers have found an easier way to get information going after the individual or employee.  Targeting our impulses and understanding the psychology of a busy worker has proven to be a much more lucrative venture for these cybercriminals.

Phishing Attacks

One of the most common and sophisticated social engineering techniques is called phishing.  In this strategy, a hacker will dress up an email to look like it is something that is expected by the recipient.  An example may be an email coming from your IT department asking you to change your password. There will almost always be red flags within the email, but to the untrained eye these details may not be so obvious.

Here are some red flags to look for:

This is obviously not a complete list but it will help you determine patterns to look for and avoid clicking on a link with the potential to cause a data leak or breach.

Other Types of Social Engineering Attacks

There are several other tactics that are used that may not be as common as phishing, but we should still be aware of them. These are just as dangerous and will result in the same type of breach as email phishing.

Voice Phishing (Vishing) – A phone call is made that may appear to be from your bank or credit card company asking you to confirm your information to update your records on file.  An unsuspecting victim could potentially give up personal information and become a victim of identity theft.

SMS phishing (Smishing)  - Like email, an SMS or text message can be sent to your phone asking you to either click on a link or respond with personal or business information.

Physical Breach – A person could appear in person and pose as an employee or contractor to gain access to unauthorized areas or information.


A human firewall is a term used to define the line of defense or individuals that combat security threats. An organization needs a commitment from its staff to follow best practices to prevent a social engineering attack from happening. The more employees you have committed to being part of the human firewall, the stronger it gets. As an organization, you will need to make sure staff has adequate training and is properly equipped to help combat these hackers. By being aware, careful and knowledgeable, each individual can be an extra layer of security, not only for their own personal information but for the organization they work for as well.

Zandro Diaz

By Zandro Diaz
Chief Technical Officer, Crescendo Interactive, Inc.

* Required Fields
Post a Comment

Would you like to learn more about our services?
Please contact us for a free demonstration