Social engineering is a technique used by fraudsters to deceive others into divulging confidential information and/or performing an act that compromises or circumvents security measures. Social engineering techniques exploit human psychology rather than technical vulnerabilities. They often involve the use of urgency, fear, or authority to convince users to bypass security protocols.
Use cases/examples for social engineering
Phishing defense: Training employees and customers to recognize phishing attempts and to confirm with trusted entities when something seems off, and implementing email authentication protocols that reduce the deliverability and effectiveness of spoofed emails internally.
Impersonation prevention: Establishing verification procedures that require callbacks to known numbers or a secondary form of authentication (e.g., 2FA) before processing requests for sensitive and/or high-value actions like password resets, wire transfers, or account changes.
Customer education: Developing awareness programs that help customers learn how to recognize common social engineering tactics, including what pretexting is, how urgency manipulation works, and what to do when they receive requests for sensitive information through unexpected channels.