Social Engineering Attacks To Look Out For

Posted June 20th, 2022 in Social Engineering
We've all heard of the hacker who uses their technical skills to get access to secure computer systems and compromise sensitive data. This type of nefarious character frequently makes the news. They aren't the only ones generating headlines, though. Individuals that utilize phone calls and other media to manipulate human psychology and deceive people into turning over access to the organization's sensitive information are also "social engineers."

The term "social engineering" refers to a wide range of malevolent behaviour. Let's concentrate on the five most popular attack methods: Phishing, pretexting, baiting, quid pro quo, and tailgating are examples.
 

Phishing

Phishing is a common type of social engineering attack.  Most phishing scams seek to accomplish three things.
  • Access personal information such as names, addresses, and Social Security Numbers;
  • Use shortened or misleading links that redirect users to suspicious websites that host phishing landing pages
  • Create fear and a sense of urgency to manipulate the user into responding quickly.

No two phishing emails are the same. There are at least six different sub-categories of phishing attacks

Social Engineering

Pretexting

Pretexting is another form of social engineering where attackers focus on creating a pretext, or a fabricated scenario, in order to steal someone's information. In these types of attacks, the scammer usually impersonates a trusted entity/individual and says they need certain details from a user to confirm their identity. If the victim complies, the attackers commit identity theft or use the data to conduct other malicious activities.

Baiting

Baiting is very similar to phishing. The difference is that baiting uses the promise of an item or good to entice victims. Baiting attacks may offer of free music or movie downloads to trick users into handing in their login credentials, for example. 

4. Quid Pro Quo

Quid pro quo attacks promise something in exchange for information. This benefit usually assumes the form of a service.  Earlier attacks have shown that office workers are more than willing to give away their passwords for a cheap pen or even a bar of chocolate

Tailgating

Our final social engineering attack type is known as “tailgating.” An example is when someone without the proper authentication follows an authenticated employee into a restricted area. The attacker might impersonate a delivery driver and wait outside a building to get things started. When an employee gains security’s approval and opens the door, the attacker asks the employee to hold the door, thereby gaining access to the building.

 

Social Engineering Recommendations

Organizations must help their employees counter these types of attacks. You can do so by incorporating the following tips into your security awareness training programs.

  • Do not open any emails from untrusted sources. 
  • Do not give offers from strangers the benefit of the doubt. 
  • Lock your laptop 
  • Purchase anti-virus software. 
  • Read your company’s privacy policy 
 
 
 
   
GOOGLE REVIEW

Subscribe to Email Updates

Recent Posts

Posts by Topic

See all