1

What Is Social Engineering?

Disculpa, pero esta entrada está disponible sólo en Inglés y Ruso. For the sake of viewer convenience, the content is shown below in this site default language. You may click one of the links to switch the site language to another available language.

Social engineering is the art of manipulating, influencing, or deceiving to gain control over your computer system. A hacker can use the telephone, email, postal correspondence, or direct contact to gain illegal access. Examples include phishing, spear phishing, and CEO Fraud.

Who is doing social engineering? It could be a hacker from the United States who wants to damage or disrupt a business. It could be a member of a cybercriminal group from Eastern Europe trying to penetrate your network and steal money from your bank account. Or it could be a Chinese hacker trying to infiltrate your organization’s network for corporate espionage.

 

10 SOCIAL ENGINEERING TECHNIQUES THAT HACKERS USE

 

Pretexting

A made-up script is used to attract a potential victim to increase the likelihood that the victim will take the bait. It is a false motive that usually involves some real information about the person to get even more information. For example, date of birth, identification code, residential address.

 

Diversionary Theft

A scam is carried out by professional thieves and usually targeting a shipping or courier company. The goal is to trick the company into delivering a shipment not to its intended destination, but directly into the hands of a cybercriminal.

 

Phishing

An attempt to obtain sensitive information such as usernames, passwords, and credit card information by pretending to be a well-known organization. Attackers usually use attention-grabbing emails that bypass spam filters. In the emails, they pretend to be representatives of popular social sites, banks, auctions, or IT administrators. That builds people’s trust.

 

Spear phishing

A small, targeted email attack on a specific person or organization that helps to break through their security. A spear-phishing attack is carried out after researching the target and has a special personalized component that pushes the target to do something against their interests.

 

Watering hole attacks

That is a computer attack strategy in which an attacker investigates which websites an organization/person often uses and infects them with malware. Over time, one or more members of the target group get infected and the attacker gains access to the security systems.

 

Baiting

In this case, the attacker slips something to the victim to get them to act. It can be a peer-to-peer or social networking site in the form of a movie download (porn) or a USB stick labeled «Q1 dismissal plan» left in a public place for the victim to find it. After using the device or downloading a malicious file, the victim’s computer becomes infected, allowing the criminal to take over the network.

 

Quid Pro Quo

In Latin it means «something for something,» in this case it is a benefit to the victim in exchange for information. A good example is hackers pretending to be IT support. They will call everyone in the company and tell them that they have a quick solution and «you just need to disable your AV». Anyone who falls for this will get ransomware-type malware installed on their computer.

 

Stalking

A method used by social engineers to gain access to a building or other secured area. An observer waits for an authorized user to open and pass through a secure entry, and then follows right behind.

 

Honey Trap

A trick that gets men to interact with a fictional attractive female online. Derived from an old spy tactic that used a real woman.

 

Rogue

Also known as Rogue Scanner, rogue anti-spyware, rogue anti-malware, or scareware, rogue security software is a form of computer malware that tricks or misleads users into paying for fake or simulated malware removal. In recent years, rogue security software has become a growing and serious threat to computer security. It is very popular, and there are dozens of such programs.

 

Source: knowbe4

Related Posts

card__image

Darknet Prices 2021: How Much Is Your Data Worth?

Disculpa, pero esta entrada está disponible sólo en Ruso y Ucraniano. For the sake of viewer convenience, the content is shown below in one of the available alternative languages. You may click one of the links to switch the site language to another available language. Только за 2020 год такие известные корпорации и организации, как […]

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *