Cyber Attack Number 5/15: Social Engineering

Social engineering is when hackers exploit human psychology, usually by tricking people into volunteering information that can then be used to gain access to user accounts or to commit identity theft, fraud, etc.

Example: You receive a legitimate-looking email from what seems like a reputable source, like a friend or coworker. It's a Dropbox attachment. When you click on the link, it asks you to log into your Dropbox account. Only, it's not the Dropbox website. The hackers now have your login info and can get into your Dropbox account. They may even try the same email address and password combination to log into your email, and they are often successful because people use the same passwords across multiple sites. This is also known as phishing.

Risk Mitigation: There are telltale signs that a phishing email is fake. The sender's email address is often on a subdomain of a fake domain, e.g. fred@dropbox.fakedomain.com
Also, the supposed Dropbox site isn't at the correct Dropbox website address.
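
The two checks above can be automated. The following is an added example, not part of the original post: it tests whether a sender address or link host really sits under the expected domain, rather than merely containing the brand name. The trusted domain value, the function names and the sample URLs are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions for this example: the domain the real service uses,
# and the brand word an attacker is likely to put in a look-alike host.
TRUSTED_DOMAIN = "dropbox.com"
BRAND_LABEL = "dropbox"

def host_belongs_to(host, trusted=TRUSTED_DOMAIN):
    """True only if host is the trusted domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    # The leading dot matters: "notdropbox.com" must not match "dropbox.com".
    return host == trusted or host.endswith("." + trusted)

def classify_host(host):
    """Return 'trusted', 'lookalike' (brand word under another domain) or 'other'."""
    host = (host or "").lower().rstrip(".")
    if host_belongs_to(host):
        return "trusted"
    if BRAND_LABEL in host:
        return "lookalike"
    return "other"

def sender_host(from_header):
    """Domain part of the address in a From header value."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2]

def link_host(url):
    """Host a browser would connect to; text before '@' in a URL is not the host."""
    return urlsplit(url).hostname or ""

def check_message(from_header, urls):
    """Classify the sender domain and every link host of one message."""
    hosts = [("sender", sender_host(from_header))]
    hosts += [("link", link_host(u)) for u in urls]
    return [(kind, host, classify_host(host)) for kind, host in hosts]

if __name__ == "__main__":
    # Constructed sample message; the sender address is the one used in the text.
    sample_from = "Fred <fred@dropbox.fakedomain.com>"
    sample_urls = [
        "https://www.dropbox.com/login",
        "https://dropbox.com.fakedomain.example/login",
        "https://dropbox.com@fakedomain.example/login",
    ]
    for row in check_message(sample_from, sample_urls):
        print(row)
```

Anything not classified as trusted should be treated as not Dropbox. A sender that passes this check can still be forged, which is what SPF, DKIM and DMARC results cover.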

There are other forms of social engineering. Below is a great video from Real Future, where hackers at Defcon go through a real-life example.