Not all security is about fences and firewalls, and social engineering is the clearest example. It is the act of manipulating or tricking a person into handing over private or confidential information, or into granting access to premises or systems that the attacker should not have.
Social engineering can also mean manipulating a person into doing something that affects the business's systems, or into an act that goes against company policy.
Different forms of social engineering
Baiting
Baiting plays on the victim's greed or curiosity: the attacker makes a false promise and uses it as bait to lure the victim into providing personal information or performing a specific task.
One example of baiting is leaving flash drives in public places in the hope that someone picks one up and plugs it in. These drives can be loaded with malware such as ransomware, which encrypts your files and renders the device useless until you pay a ransom.
Another is the website ads showing "beautiful ladies in your area" or similar images that provoke users into clicking to see what is on the other end.
A frequently cited case is the 2011 breach of RSA, the United States security company. The attackers sent a small group of RSA employees a carefully worded email with an Excel attachment whose enticing filename was the bait; the spreadsheet carried an exploit that installed malware. Because the email was aimed at specific staff, it is also a textbook example of spear phishing, covered below.
Phishing
Ever seen those emails claiming that you have won or inherited a large sum of money? That is phishing.
They usually carry a sense of urgency and may or may not contain links or attachments. The message is often paired with a website that looks identical to that of the organisation or person being impersonated, such as PayPal or Walmart, both common targets of impersonation.
These emails may also ask for personal or private information such as a residential address, mobile number or even bank card details.
A phishing attempt may also redirect you to a cloned website to trick you into typing in your login details.
The 2013 breach of Target, the US retail corporation, began with phishing: attackers emailed malware to employees of a heating and ventilation contractor that worked for Target, stole the contractor's credentials for Target's vendor network, and from there planted malware on point-of-sale systems that harvested customer payment card data.
Spear phishing
Spear phishing is the twin of phishing; the difference is that it is targeted. Instead of the broad net of ordinary phishing, spear phishing aims at specific individuals.
These attacks take more time and effort, because the attacker must research the target, but in most cases they succeed far more often than generic phishing.
The same targeting can be applied to physical baiting: a flash drive labelled "Payroll" dropped in the company's parking lot, loaded with malware written for that specific company.
Information such as employee names, email addresses and other personally identifiable information is used to craft the lure for a specific person at that company.
An example from the 2016 United States election: people associated with the Democratic Party were targeted with emails posing as Google security alerts that urged them to change their Gmail password. The link led to a credential-harvesting page, and the stolen credentials led to the leak of sensitive emails.
Pretexting
Pretexting is the act of inventing a fabricated scenario, the pretext, and using it to manipulate a victim into giving up information or access.
For example, the operator works from a script in which each likely objection from the target has a prepared phrase or sentence in reply, so that the target is talked into accepting the story.
Quid pro quo
Quid pro quo means "something for something" in Latin.
For example, a person pretends to be IT support and responds to your query when you really do have a problem that needs IT support. Using that opening, the attacker asks the victim to confirm usernames or even passwords.
These attacks can also take the form of bribes: the attacker helps you with a service and, in return, asks the victim to perform certain tasks or hand over information.
Scareware
Ever come across those "antivirus" programs that tell you there are viruses or driver problems on your device but require you to buy the software to fix them? That is scareware.
Another example is the website ads stating that your device or browser may be infected with harmful viruses.
Scareware also arrives as email telling you to act quickly or something bad will happen, for example a notice that you must pay your account urgently or it will be suspended and legal action may follow, when the claim is in fact false.
Tailgating or piggybacking
Tailgating and piggybacking are near-interchangeable terms for gaining entry to a building or device by following, impersonating or manipulating a legitimate person (strictly, tailgating is following someone through a door without their knowledge, piggybacking is doing it with their consent).
"Leave your user logged in, I just want to quickly print something and can't remember my login details", or the delivery person with arms full of parcels who asks you to hold the door you have just opened.
Impersonation
Impersonation is pretending to be another person or entity so that the victim believes they are dealing with the genuine person or entity.
An example is someone who phones your service provider to purchase a product or change a service while pretending to be the account holder.
A successful impersonation attack was run against Barbara Corcoran, the Shark Tank television judge, who in February 2020 nearly lost almost US$400,000 (around R6 million at the time): a scammer emailed her bookkeeper from an address one letter different from her assistant's, posing as the assistant and asking for an invoice to be paid. The fraud came to light when the bookkeeper copied the assistant's genuine address, and the funds were eventually recovered.
These are some of the social engineering tactics that attackers use in day-to-day business to gain access to information or premises to which they are not entitled.
What easy steps can you take?
- Double-check the sender's actual address, not just the display name
- Don't download attachments unless you know and have verified the sender
- Don't supply personal or private information such as mobile numbers or banking details
- Reject unsolicited offers of help; rather get assistance from someone you know or who is credible
- Do not click links in unexpected messages; type the organisation's address into your browser yourself
- If it is too good to be true, it probably is.
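The first and fifth items on this list, checking the real sender address and not trusting the link you see, are the two that can be partly automated. The following Python script is an added example written for this page, not code from the original article or from any product it mentions. It parses a raw email and reports the classic tells: a sender domain that only imitates a trusted one (including digit-for-letter swaps such as "paypa1"), a brand name in the display name that the address does not back up, a Reply-To pointing at a different domain, and HTML links whose visible text names one site while the href goes to another. The trusted-domain list and both sample messages are constructed for illustration and are assumptions of the example.

```python
import email
import re
from email.policy import default
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"paypal.com", "walmart.com"}  # brands the recipient really uses (assumption)
# Digits commonly swapped for letters in look-alike domains (paypa1, g00gle).
HOMOGLYPHS = str.maketrans("0135", "oles")

def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Crude 'example.com' from 'mail.example.com' (no public-suffix list)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def lookalike(host):
    """Return the trusted domain that 'host' imitates, or None."""
    host = host.lower()
    if registrable(host) in TRUSTED_DOMAINS:
        return None  # the genuine domain itself
    host = host.translate(HOMOGLYPHS)  # paypa1 -> paypal before comparing
    for trusted in sorted(TRUSTED_DOMAINS):
        brand = trusted.split(".")[0]
        if brand in host or levenshtein(registrable(host), trusted) <= 2:
            return trusted
    return None

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyse(raw_message):
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=default)
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    from_host = addr.rpartition("@")[2]
    if lookalike(from_host):
        findings.append(f"sender domain {from_host} imitates {lookalike(from_host)}")
    if registrable(from_host) not in TRUSTED_DOMAINS and any(
            t.split(".")[0] in name.lower() for t in TRUSTED_DOMAINS):
        findings.append(f"display name '{name}' claims a brand that {addr} does not belong to")
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and registrable(reply.rpartition("@")[2]) != registrable(from_host):
        findings.append(f"Reply-To {reply} sends answers to a different domain than From")
    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        parser = LinkCollector()
        parser.feed(html.get_content())
        for href, text in parser.links:
            host = urlparse(href).hostname or ""
            shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
            if shown and registrable(shown.group(0)) != registrable(host):
                findings.append(f"link text shows {shown.group(0)} but points to {host}")
    return findings

# Constructed sample messages (not real mail): one phish, one genuine receipt.
PHISH = """\
From: "PayPal Support" <security@paypa1-service.com>
Reply-To: helpdesk@mail-verify.net
Subject: Urgent: your account will be suspended
Content-Type: text/html; charset="utf-8"

<p>Your account is limited. Confirm your details within 24 hours:</p>
<a href="http://paypal.com.login-check.net/verify">https://www.paypal.com/account</a>
"""
GENUINE = """\
From: "Accounts" <billing@walmart.com>
Subject: Your receipt
Content-Type: text/plain; charset="utf-8"

Thanks for shopping with us.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("genuine", GENUINE)):
        print(label, analyse(raw) or ["no tells found"])
```

Run as a script it prints four findings for the constructed phish and none for the receipt. The checks are deliberately simple (a two-label registrable domain, a handful of homoglyphs, no public-suffix list), so treat them as a first filter that tells a reader where to look, not as a verdict.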
To guard against phishing and infected files or emails, use ESET: it offers a secure browser for safer online shopping and banking, and can scan your emails or mail servers for infections. Securing your system against spam and malware is easier than ever before.