Different types of social engineering attacks
Social engineering attacks are malicious activities that use psychological manipulation to trick users into making security mistakes or giving away sensitive information, which in turn gives the attacker access to their data.
- Pretexting happens when an attacker obtains information through a series of clever lies. The attacker pretends to need sensitive information while impersonating a co-worker, the police, a bank, a government official, or another person who appears to have a right-to-know authority. They ask questions that seem to be required to confirm the victim’s identity, and are often able to get the person’s national ID number, birthday, full name, address, and more.
To avoid falling victim to this, avoid giving any personal or sensitive information over the phone, and require any inquirer to provide official proof of their position and authority.
- Tailgating is when an unauthorised person physically follows an authorised person into a restricted area. One tried-and-true method is for the attacker to call out to an employee to hold a door open for them because they ‘forgot their card’.
To avoid falling victim to this, do not allow persons you do not personally know to use your card, laptop, or other personal means of access to enter restricted areas such as schools, government buildings or even your own apartment building.
- Baiting can happen in two ways:
1. In the physical world: for example, attackers leave a malware-infected flash drive in a public place where potential victims will spot it. Once the victim plugs in the flash drive, they unknowingly give the attacker access to their computer and all their files.
2. Online, where enticing ads encourage users to download a malware-infected application.
To avoid falling victim to this, never plug in a flash drive you have not checked beforehand, and never click on links that seem suspicious!
- Phishing is a scam in the form of an email or text message that creates a sense of urgency, curiosity or fear in the victim, such as a fake email from a bank asking you to update your password. It then pushes the victim into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.
To avoid falling victim to this, vigilance is key! A fraudulent message usually contains subtle mistakes that give it away, such as a link whose URL looks strange or a misshapen logo. Keep your eyes open for these mistakes.
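The "strange link URL" check can be automated for HTML email. The following is an added example, not code from the original article: it extracts every link, flags anchors whose visible text shows one domain while the href points to another, and flags hosts that merely contain a trusted domain's name. The sample message and the `.invalid` domains are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a fake "bank" email. The first link's visible text names the
# real bank, but its href points to a look-alike host (hypothetical domains).
SAMPLE_EMAIL_HTML = """
<p>Your account will be locked in 24 hours. Please
<a href="http://examplebank-secure-login.invalid/update">https://www.examplebank.invalid/login</a>
to update your password.</p>
<p>Questions? Visit <a href="https://www.examplebank.invalid/help">our help centre</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable_domain(host):
    """Crude 'last two labels' approximation (no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def suspicious_links(html, trusted_domains):
    """Return (href, reason) for links that should make the reader pause."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        dom = registrable_domain(host)
        shown = re.match(r"https?://([^/\s]+)", text)  # visible text looks like a URL
        if shown and registrable_domain(shown.group(1)) != dom:
            findings.append((href, f"text shows {shown.group(1)} but link goes to {host}"))
        elif dom not in trusted_domains and any(t.split(".")[0] in host for t in trusted_domains):
            findings.append((href, f"look-alike host {host} is not a trusted domain"))
    return findings
```

A real mail gateway would also resolve the public-suffix list and decode punycode hosts; this version only demonstrates the two mismatches the article warns about.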
- Quid pro quo involves an attacker requesting data or login credentials in exchange for a service. For example, the victim may receive a phone call from someone pretending to be technical support, offering free IT assistance or free online credit in exchange for login credentials.
To avoid falling victim to this, remember that if an offer sounds too good to be true, it probably is. Also, always ask for verification of credentials before giving out any sensitive information.
What makes social engineering especially dangerous is that it relies on human error, and such mistakes are much harder to detect than a malware-based intrusion.