What is Social Engineering
Technological defenses are becoming more adaptive and robust against cyber attacks, making it difficult for cybercriminals to penetrate corporate and/or cloud networks. Humans are the weakest link in the security chain, and cybercriminals are increasingly targeting users via social engineering.
Social engineering is a form of cyber attack in which attackers trick people into giving up access, credentials, or other sensitive information.
Social engineering is especially dangerous because it relies on human error rather than vulnerabilities in software and operating systems. Mistakes made by legitimate users are much less predictable, making them harder to identify and thwart than a malware-based intrusion.
Common Methods of Social Engineering Attacks
Phishing is one of the most popular social engineering attacks; it involves emails and text messages designed to induce victims to reveal sensitive information. A common method of scamming the public is sending them email that appears to be from popular social websites, banks, auction sites, or IT administrators.
Scareware is the process of overwhelming the victim with false alarms and fictitious threats. Users are led to believe their system is infested with malware or viruses and are prompted to install software that has no real benefit on their system. This software lets the perpetrator gain access, or installs malware itself. Scareware is also referred to as deception software, rogue scanner software and fraudware.
Spear phishing is an email attack targeting a particular person or organization with the goal of breaching their defenses. When spear phishing is used against a target, it is done after research and has a specific personalized component to convince the target to do something against their interests.
Baiting refers to a method of luring a victim into acting by dangling something in front of them. The bait can be a video offered for download on a peer-to-peer or social networking site, or a USB drive labeled “Confidential” left out for the victim to find. The victim’s computer becomes infected after the device is used or a malicious file is downloaded, enabling the criminal to seize control of the network.
A honey trap is a method used to trick men into interacting with a fictional attractive woman online. The criminal then takes advantage of the relationship to extract information or install malware onto their computers.
The honey trap derives from old spy tactics in which a real woman was used.
Pretexting attacks involve attackers fabricating a false identity and using it to trick their victims into divulging personal data. For example, attackers may pretend to be an external IT service provider, and request users’ account details and passwords to assist them with a problem. Alternatively, they might ask the victim for confirmation of their bank account number or login information while posing as the victim’s financial institution.