We put so much effort into securing our systems. We enforce multi-factor authentication. We deploy WAFs. We mandate software updates. We constantly scan our code. We encrypt our communication and sensitive data. Researchers ensure that ciphers remain strong. Yet, we’re still getting hit. Facebook lost $99 million, Ubiquiti $39.1 million, Google $23 million, Toyota $37 million, the Government of Puerto Rico $2.6 million, and Belgian Bank Crelan $75.8 million.
What is the common denominator in all these attacks? Social engineering. It is one of the most subtle yet potent set of techniques, often used by individuals or groups to exploit human weaknesses and gain access to systems and sensitive data. No organization or group is immune to this form of attack.
Working in an IT company places us in the crossfire. On one hand, we have access to not only business data but also information that could be exploited to attack our organization. On the other hand, IT professionals themselves are well-positioned, making themselves potential targets of attacks.
While it’s almost impossible to be fully protected against social engineering, it is vital to understand the possible vectors of attack. Various methods and psychological tricks can be used to compromise our security or that of our organization.
So, let’s buckle up and take a small step toward becoming more secure.

Devoxx

A conference talk covering social engineering attacks and human vulnerabilities exploited by attackers. Topics include real-world breach examples (Twitter, Facebook, government agencies), data collection techniques (dumpster diving, OSINT, tailgating), psychological manipulation tactics (elicitation, pretexting, rapport building), and attack vectors like phishing, vishing, deepfake video calls, QR code quishing, and MFA bypass. A live DEF CON demo shows a telecom account takeover via a crying baby pretext. Defense strategies include awareness, risk assessment, security hygiene, creating fake personas for non-critical services, and reporting suspicious activity.

Social Engineering: Hacking Humans by Pawel Suchołbiak