Common Social Engineering Techniques
Some hackers rely on exploiting human vulnerabilities instead of technological ones. Learn how to protect yourself from “social engineering.”
Social engineering approaches rely on human vulnerabilities rather than on a would-be attacker’s technical prowess.
Social engineering is used to gain unauthorized access to sensitive data, cryptocurrency wallets, or accounts, or to persuade victims to download malware onto their computers and networks so that further harm can be done. Phishing, baiting, quid pro quo attacks, pretexting, and tailgating are examples of such approaches.
- Phishing and Related Social Engineering Attacks
- Baiting: A Common Social Engineering Technique
- Quid Pro Quo Social Engineering Attack
- Pretexting: A Familiar Social Engineering Example
- Tailgating or Piggybacking: In-Person Social Engineering Attacks
Phishing and Related Social Engineering Attacks
In a phishing attack, a hostile actor impersonates a trusted authority figure or organization to deceive a target into providing sensitive information or parting with money.
While an individual may be the target of a phishing attack, the attacker’s main purpose is usually to compromise one or more systems that the victim has access to. If a phishing attack on an individual succeeds, the ramifications can be devastating, affecting other individuals and networks in a matter of seconds.
Spear phishing, vishing, and smishing are all variants of phishing. Spear phishing attacks are highly targeted at specific people, companies, or organizations.
For example, attackers may tailor their emails or messages based on their knowledge of a person’s position inside a company. Voice calls, particularly over Voice-over-Internet-Protocol (VoIP) services, are used in so-called “vishing” attacks to trick victims into calling back and disclosing personal information such as a credit card number or billing address.
SMS or text messages are used in “smishing” attacks to lure victims to malicious websites or to fool them into giving up sensitive personal information.
Baiting: A Common Social Engineering Technique
Baiting attacks take advantage of a victim’s greed by promising a speedy payout. An attacker might, for example, leave an infected USB stick in a public place, anticipating that someone will insert it out of curiosity and thereby install malware on their PC.
An internet ad may deceive a victim by promising a speedy cash reward in exchange for providing sensitive personal information and registering an account.
Baiting attacks are also used to target peer-to-peer websites, where some users may be enticed to hand over their banking information in exchange for free movie or music downloads.
Victims who provide financial information in exchange for discounts, quick returns on investments, or free cash rewards may find that their accounts have been emptied once that information is passed on.
Quid Pro Quo Social Engineering Attack
Quid pro quo attacks, like baiting schemes, usually involve the promise of a fraudulent exchange. In return for company data, an attacker may offer a prize or an invitation to take part in a research study. Scammers may also pose as internal IT staff, offering to fix an issue or provide security software in exchange for personal or other sensitive information.
Pretexting: A Familiar Social Engineering Example
A common form of pretexting is an attacker posing as a trusted authority, such as a bank official or a law enforcement officer. Under the guise of verifying the victim’s identity, the attacker obtains personal information from them, such as a social security number.
Another common pretexting scenario is a message from a friend’s social media account claiming they are stranded and in urgent need of emergency funds. A fraudster may also pose as a representative of a political campaign or charity and solicit donations for a good cause.
Each of these scenarios is based on psychological manipulation, in which the victim is led to believe they are carrying out their responsibilities or assisting a friend in need.
Tailgating or Piggybacking: In-Person Social Engineering Attacks
Physical access to a facility or restricted location containing secure information is usually required for tailgating or piggybacking attacks.
Criminals can enter a protected building simply by following someone who holds the door open for them, bypassing the access controls entirely. For this reason, security-conscious businesses educate their personnel about tailgating attacks along with the other social engineering approaches described here.
Be aware of social engineering attempts that could compromise your personal accounts, whether you work at a bank or crypto exchange or simply have a bank or crypto exchange account.