Social engineering can be a malicious user pretending to be someone they’re not (for example, if they have gained unauthorised entry into someone’s social media account(s)) or if they’re contacting a service provider and pretending to be someone else in order to be able to, perhaps, gain unauthorised entry into some service, such as a web server or to extract information that would be useful to the malicious user.
There have been many instances of social engineering attacks. One of which involved a malicious user impersonating a lead developer of the popular billing software solution, WHMCS, which resulted in WHMCS’ server being compromised because the impersonator was able to answer all of the verification questions correctly. Social engineering is very effective and often results in favourable results for criminals.
How can I avoid social engineering attacks?
Social engineering attacks can generally occur anywhere – on social networking sites as well. The general advice would be to always remain vigilant and be wary about anything that looks suspicious. Even criminals sending e-mails through their compromised e-mail account is social engineering because some people may think it was sent from the actual person who owns the e-mail account.