Social engineering is a non-technical way for a criminal to collect information on a target. It is the art of gaining entry to buildings, systems or data by exploiting human psychology instead of breaking in or using technical hacking techniques. For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into revealing his password. A social engineer usually manipulates people into breaking normal security rules and best practices to gain access to systems, networks or physical locations, or for financial gain.
Social engineers often rely on people's willingness to help, but they also prey on people's weaknesses. For example, an attacker calls an authorized employee with an urgent problem that requires immediate network access. The attacker can appeal to the employee's pride or invoke authority using name-dropping techniques. These are some types of social engineering attacks:
Types of Social Engineering
An attacker calls someone and lies to them in an attempt to gain access to confidential data. For example, an attacker pretends to need personal or financial data in order to confirm the identity of the recipient.
Quid pro quo
Quid pro quo is when a social engineer requests personal information from a party in exchange for something. For example, a hacker calls random numbers within an organization and pretends to be calling back from tech support. Eventually, the attacker will find someone with a real issue, whom they will then pretend to help. Through this, the attacker obtains the target, the target's information, and the password.
An attacker leaves behind a device infected with malware, for example a USB drive. Someone finds the device, picks it up and loads it onto a computer, accidentally installing the malware.
A criminal attempts to compromise a specific group of people by infecting websites with malware that targets the users who access them.
The social engineer tricks a delivery or courier company into going to the wrong pickup or drop-off place, thus intercepting the transaction.
The social engineer presents himself as an attractive person in order to interact with someone online, fakes an online relationship and gathers sensitive information through that relationship.
Tailgating is also known as piggybacking. It is a physical security breach in which an unauthorized person follows an authorized person into a secured premises.
Rogue security software is a type of malware that tricks targets into paying for the fake removal of malware.
Phishing, Spear Phishing, Vishing, and Scareware – we have already discussed these types.
Social Engineering Tactics
Social engineering tactics include:
- Intimidation – The secretary of a senior official receives a call stating that her/his boss is about to give an important presentation, but the required file is corrupt. The cybercriminal asks for the file to be sent to him via email or by other means.
- Consensus – Criminals create a site with fake testimonials promoting a product, indicating that it is safe.
- Scarcity and Urgency – Criminals usually offer a limited opportunity. People take action when they think there is a limited quantity or a limited time, and become victims.
- Familiarity/Liking – People tend to do what another person asks if they like that person.
- Trust – Criminals build a relationship with a victim. For example, posing as a security expert, a criminal calls the victim offering advice and help. While helping, the criminal gets important information from the victim’s computer.