Social engineering is a type of email cybersecurity attack where a bad actor cleverly manipulates an unsuspecting or naïve individual to steal information or assets. These attacks rely on psychological exploitation as much as technology vulnerabilities.

This exploit requires the criminal to be intimately familiar with a company’s business relationships, unique circumstances, and sometimes even organizational secrets.

It also takes advantage of the fact that, for hackers, it’s trivially easy to “spoof” the sender of a message, making the email look like it came from someone the recipient trusts.

Image description: One common example of consumer social engineering includes deceptively impersonating a community or family member that is distressed and in need of help due to an unfortunate event.

Another example is a criminal posing as a United States IRS agent, targeting an elderly person with a demand to pay overdue taxes or when a fraudster mimics a foreign dignitary looking to establish an investment in the target’s native land.

However, these attacks can be stopped. If the company being impersonated has adopted DMARC-based email authentication, fraudsters will be unable to use their domains in their messages. At full enforcement, DMARC blocks unauthorized email sent on behalf of the domain owner, with 100 percent effectiveness.