Ci spiace, ma questo articolo è disponibile soltanto in Inglese e Russo.
Social engineering is the art of manipulating, influencing, or deceiving to gain control over your computer system. A hacker can use the telephone, email, postal correspondence, or direct contact to gain illegal access. Examples include phishing, spear phishing, and CEO Fraud.
Who is doing social engineering? It could be a hacker from the United States who wants to damage or disrupt a business. It could be a member of a cybercriminal group from Eastern Europe trying to penetrate your network and steal money from your bank account. Or it could be a Chinese hacker trying to infiltrate your organization’s network for corporate espionage.
10 SOCIAL ENGINEERING TECHNIQUES THAT HACKERS USE
Pretexting
A made-up script is used to attract a potential victim to increase the likelihood that the victim will take the bait. It is a false motive that usually involves some real information about the person to get even more information. For example, date of birth, identification code, residential address.
Diversionary Theft
A scam is carried out by professional thieves and usually targeting a shipping or courier company. The goal is to trick the company into delivering a shipment not to its intended destination, but directly into the hands of a cybercriminal.
Phishing
An attempt to obtain sensitive information such as usernames, passwords, and credit card information by pretending to be a well-known organization. Attackers usually use attention-grabbing emails that bypass spam filters. In the emails, they pretend to be representatives of popular social sites, banks, auctions, or IT administrators. That builds people’s trust.
Spear phishing
A small, targeted email attack on a specific person or organization that helps to break through their security. A spear-phishing attack is carried out after researching the target and has a special personalized component that pushes the target to do something against their interests.
Watering hole attacks
That is a computer attack strategy in which an attacker investigates which websites an organization/person often uses and infects them with malware. Over time, one or more members of the target group get infected and the attacker gains access to the security systems.
Baiting
In this case, the attacker slips something to the victim to get them to act. It can be a peer-to-peer or social networking site in the form of a movie download (porn) or a USB stick labeled “Q1 dismissal plan” left in a public place for the victim to find it. After using the device or downloading a malicious file, the victim’s computer becomes infected, allowing the criminal to take over the network.
Quid Pro Quo
In Latin it means “something for something,” in this case it is a benefit to the victim in exchange for information. A good example is hackers pretending to be IT support. They will call everyone in the company and tell them that they have a quick solution and “you just need to disable your AV”. Anyone who falls for this will get ransomware-type malware installed on their computer.
Stalking
A method used by social engineers to gain access to a building or other secured area. An observer waits for an authorized user to open and pass through a secure entry, and then follows right behind.
Honey Trap
A trick that gets men to interact with a fictional attractive female online. Derived from an old spy tactic that used a real woman.
Rogue
Also known as Rogue Scanner, rogue anti-spyware, rogue anti-malware, or scareware, rogue security software is a form of computer malware that tricks or misleads users into paying for fake or simulated malware removal. In recent years, rogue security software has become a growing and serious threat to computer security. It is very popular, and there are dozens of such programs.
Source: knowbe4
