
Social Engineering Beyond the Inbox

By Jay Pitzer
17 June, 2020

Not all cyberattacks require high-tech wizardry to pull off. Attack vectors requiring technical knowledge certainly do occur, but a good portion of cyberattacks begin with simple social engineering. 

The most common form of social engineering is phishing. However, it’s not the only form. In this blog, we’ll talk about phishing and several other forms of social engineering. But first, let’s talk about what social engineering is and why it’s so effective. 

Psychological vulnerabilities

Hacking involves breaking into a network or device by exploiting vulnerabilities in code, IT infrastructure, the network, or device communications. Social engineering, on the other hand, exploits vulnerabilities in human psychology.

Humans are both wired and socialized to fall for some of these schemes. For example, one of the major social engineering techniques involves using authority to gain compliance. Most humans obey authority instinctively. That instinct gets reinforced throughout their lives by parents, teachers, police officers, and even doctors. 

However, scammers can “borrow” this authority to achieve the same type of compliance from people and trick them into giving up money or personal information. For example, a scammer might pose as a technical support professional from Apple, claim the target’s computer was hacked, and ask them to install a “security” package that gives the attacker remote access to the machine. Tech support schemes like this one have been around for a while and don’t require hacking skills. However, criminals can also pose as other types of authorities like health officials, IRS officials, or private investigators. 

While there are other vulnerabilities, we’ll save covering those for another day. Instead, it’s important to understand the different ways criminals launch their attacks. 

Types of social engineering attacks

The most common social engineering attacks occur via email. Phishing schemes involve sending out bulk email attempting to lure recipients into giving up personal information. Spear-phishing involves a more targeted approach. Criminals perform reconnaissance against a high-value target like an executive, then craft extremely convincing emails based on the intelligence they’ve gathered. 

Both attacks occur over email. However, social engineering attacks don’t stop with the inbox. Here are a few other common attacks:

Vishing

Voice phishing, or vishing for short, refers to phone phishing. Vishing is an easy method for scammers to make money because it’s easy to forge caller ID and use automated messages. In general, most people have become used to companies using automated voice messages, so scammers can take advantage of this. Plus, once someone answers, the scammer can get on the phone and guide the victim toward the desired outcome. 

A common example might include someone using an automated voice system and dialer to call people from a fake caller ID (which helps conceal the scammers) claiming the victim has been hacked. Once the recipient responds, a human can get on the line and try to get them to install remote access tools, giving the scammer control over the victim’s computer.

Smishing

As texting has become more common, criminals have shifted toward using SMS messages to phish people (this is called smishing). People may receive a message like, “Your bank account has been compromised. Please click the link to unlock your account.” Once that occurs, the victim goes to the site and enters their bank credentials, which scammers then use to steal funds. 

Smishing attacks aren’t as widespread as email phishing, but they’re becoming more common. In fact, some reports claim 15% of enterprise users have received a smishing message. It’s important to make customers aware of the dangers of clicking unsolicited links in their text messages. 

Social media phishing

Ultimately, if there’s an easily usable communication method, criminals will find a way to weaponize it as a phishing tool. Social media is no exception. Creating false social media profiles can be an easy method of tricking people into giving up important information. A criminal may attempt to impersonate a friend by using their photos and name and ask for money via a link. Plus, people often have their guards down when using social media—especially on mobile—when compared to using work email. 

Baiting

Baiting plays on people’s natural curiosity to get them to perform an action. Most commonly, this refers to someone leaving a piece of physical media like a USB drive lying around in plain view, assuming a passerby will then plug it into their computer to examine the contents. However, these USB drives often contain malware and start the process of compromising a system or a network. 

Tailgating

Another social engineering attack that occurs outside of cyberspace, tailgating refers to the practice of trying to gain unauthorized entry to a physical area. One common method involves a criminal trying to get into a company’s building by asking an employee to hold the door for them and claiming they’ve forgotten their badge or key. This preys on people’s manners but can lead to employees letting malicious actors in just long enough for them to cause damage to the network.

Protection against social engineering

Defending against social engineering requires strengthening the human element of security. Odds are good you already offer some form of user security training to keep users from falling victim. If you do, make sure your training goes beyond covering email threats like spam, attachments, and phishing to ensure customers also know to be careful on other channels like text or social media. Additionally, make sure your training reminds people to avoid using unknown physical media like USBs, CDs, or DVDs and to think twice before letting someone in the building. Also, consider providing frequent refreshers so people stay vigilant.

Another important thing to remember is social engineering is typically only one piece of a larger attack. For this reason, having other layers of security in place can make a major difference in your customers’ security postures. This means keeping up with patching, running frequent backups, and installing endpoint protection on devices. 

SolarWinds® RMM offers patch management, integrated backup, web protection, and email protection. You can also run advanced endpoint protection via SolarWinds Endpoint Detection and Response (EDR), powered by SentinelOne, alongside SolarWinds RMM to discover and fight back against advanced threats at the endpoint level. Learn more about both SolarWinds EDR and SolarWinds RMM today. 

 

Jay Pitzer is Senior Manager, Product Marketing at SolarWinds MSP

 
