Glossary Term

Social Engineering

Social Engineering refers to any method of gaining illicit access to secured systems that relies not on technical skill, but rather on social and interpersonal skills for its success.

In practice, most social engineering "attacks" use misinformation, misdirection, or the everyday human rules of etiquette and reciprocity to cause people in positions of authority or responsibility to make errors in judgement, inadvertently providing access to key systems or key credentials to someone who should not have it.

At one end of the spectrum, phishing is a kind of high-volume social engineering attack with which most contemporary users are familiar. In phishing, a malicious actor impersonates someone else in email, relying on brand recognition and authority to fool users into clicking on links to malware or to similarly false websites where they surrender their credentials happily. Phishing uses no special technical methods at all, but rather is simply a matter of fooling credulous users.

At the other end of the spectrum, individual impersonations by telephone are a classic form of social engineering in which a malicious actor calls a help desk or other privileged party within an organization, often claiming to have been referred by a colleague or to be an employee who has been locked out of their account. With the right manner, background knowledge, banter, and congeniality, the help desk worker or privileged party can often be fooled into granting access or providing secure credentials, which they imagine will help someone "on our team" to "get their work done." In fact, by providing these, they have enabled a malicious actor to enter a secured system without applying any particular computing techniques whatsoever.
