Social engineering is a form of deception in which cybercriminals imitate a trusted source to trick people into doing something. It exploits human weaknesses such as trust, ignorance, and carelessness.
Cybercriminals have learned that an email, voicemail, or text message can convince people to transfer money, provide confidential information, or download a file containing malware onto the company network. This kind of attack is very effective compared to other cyberattacks, especially against people who don’t have enough cybersecurity knowledge.
Flow of Social Engineering Attacks

First, cybercriminals find their victims. They then lure them into a trap to steal their personal information, launch the attack, and finally leave quietly without the victims noticing.
9 Most Common Examples of Social Engineering Attacks
1. Phishing
It is the most pervasive method of social engineering. Cybercriminals use deceptive emails, websites, and text messages to steal sensitive personal information or organizational information from unsuspecting victims.
Although phishing email techniques are well-known, 1 in 5 employees still click on suspicious links.
2. Spear Phishing
Spear phishing is a targeted attack on specific individuals or organizations. This email scam is more complicated than regular phishing emails because it requires in-depth research on potential targets and their organizations.
3. Baiting
This type of attack can be carried out both online and offline. The cybercriminal often promises the victim a reward in return for personal information.
4. Malware
It is a type of attack that includes ransomware. Victims receive an emergency message, and they are tricked into installing malware on their device. After that, the sender will ask for a fee or steal information to carry out further attacks.
5. Pretexting
Cybercriminals impersonate organizations that hold large amounts of client data (e.g., banks, credit card providers, utility companies) to trick victims into giving up information.
6. Quid Pro Quo
This attack centers around the exchange of information or services to convince the victim to follow instructions. Cybercriminals pretend to be technology experts and offer victims assistance, which leads to cyberattacks.
7. Tailgating
It is an attack aimed at an individual who can give criminals access to a secure building or area. This attack often succeeds because of the victim’s misguided courtesy, for example, holding the door open for an unfamiliar “employee”.
8. Vishing
Cybercriminals leave urgent voice messages to convince victims to act quickly to protect themselves from arrest or other risks. They often pretend to be banks, government agencies, and law enforcement agencies.
9. Water-Holing
This attack uses advanced social engineering techniques to infect websites and their visitors with malware. The infection often spreads through a website specific to the victim’s industry, such as a popular website that is frequently visited.
How to protect your information from social engineering attacks
Organization level
- Adopt appropriate technology to prevent attacks.
- Implement a security awareness training policy in your organization. A safety administrator should provide training and give employees examples of various attacks so that they understand the risks and do not become victims.
Individual level
- Trust your instincts. If you encounter something that feels strange, stay calm and do nothing until you have verified it. For example, if you get a suspicious email from your boss, call your boss first to confirm whether the email really came from him or her.
- If someone calls you and asks for important information like your username or password over the phone, hang up immediately. Regardless of the company, customer service or support teams will never ask you for such information.
- If you do not know the sender, or are not sure that the apparent sender really sent the email, do not click any links in it or open any attachments. Always remember that cybercriminals may impersonate someone you know or a colleague in your workplace.
- Consider carefully what you are doing, avoid doing anything you are not sure about, and don’t let anyone pressure you.
- You must be aware of cyber risks and always be vigilant. Please always remember that nothing is free in this world, and anything that looks too good can bring harm to you without your awareness.
Source:
https://terranovasecurity.com/examples-of-social-engineering-attacks/
https://th.safetydetectives.com/blog/what-is-social-engineering-th/
https://www.techtalkthai.com/what-is-social-engineering-by-sophos/
Image by: freepik