Social Engineering: Posing as a legitimate entity to gain access to personal information or confidential company information, and/or to install malware or viruses.
Malware is typically installed by the user. A small percentage of malware exploits weaknesses in software, while the majority tricks the user into giving up information or installing malicious software.
Phishing: The most common form of social engineering. Examples of phishing include court notices, ransomware, and the use of legitimate sites to carry out social engineering. For example, a fake job listing on a career site sends you an email with malicious software.
Other examples of Social Engineering
Baiting: Leaving an infected USB drive that an unsuspecting person uses.
Pretexting: One party poses as a legitimate entity to scam the other party.
Scareware: Software that "claims" your computer is infected and asks you to enter credit card information, or call a support team to remove the threat.
Social Engineering Protection
Whether by email, chat, phone, or in person, never provide confidential information to unverified sources.
Do not click on embedded links from unknown sources. Do not download any attachments from unknown sources.
Delete all email from unknown senders or sources.
Use a password that is at least 9 characters long.
Use 2-step verification. This involves using your login information and a second authentication method. If a malicious party has your account credentials, they still will not have access to your account.
For information on turning on Gmail 2-step verification click here.
For information on turning on Yahoo 2-step verification click here.