Most Common Social Engineering Attacks
Social engineering is a broad term for a range of malicious activities that rely largely on human interaction. These attacks typically involve tricking people into breaking standard security procedures. Their success depends on the attacker’s ability to manipulate the victim into performing certain actions or handing over confidential information. Social engineering attacks differ from traditional attacks in that they can be entirely non-technical and do not necessarily require the attacker to exploit or compromise any software or network.
The best way to protect an organization from social engineering is to educate employees about the different types of attacks. Here is a list of the most common types of social engineering attacks:
- Baiting: In a baiting attack, the attacker leaves a bait such as a USB flash drive or CD in a place where an employee is likely to find it. The device is loaded with malicious software. The attack relies on the expectation that whoever finds the device will plug it into a system. When the device is plugged in, the malware is installed, and once installed it gives the attacker access to the victim’s system.
- Phishing: This is one of the most common social engineering attacks. It involves sending fraudulent communication to the victim in the form of emails, text messages, chats, or spoofed websites. The communication may be disguised as a message from a financial institution, charity, employment website, etc. It contains a link, and the victim is lured into clicking it, which installs malware on the victim’s device. In other forms of phishing, the link leads to a page that collects the victim’s personal, financial, or business information.
- Pretexting: This type of attack occurs when the attacker fabricates a situation that pressures the victim into providing access to sensitive data or a protected system. Common examples are an attacker claiming to need the victim’s financial details in order to validate the victim’s identity, or a scammer posing as a trusted person such as an IT employee to obtain the victim’s login details.
- Quid Pro Quo: In these attacks, the scammer requests sensitive data from the victim in exchange for a desirable reward. For example, the scammer may set up a form asking users to enter their information in exchange for a free gift.
For more information on types of social engineering attacks, contact Centex Technologies at (254) 213 – 4740.
November 23, 2015
Social engineering is a non-technical method of attack in which the hacker attempts to convince users to break normal security practices. The information hackers generally seek includes bank account information, passwords, credit card details, etc. Some social engineering attacks also involve sending malware-laden email attachments to gain control of the user’s computer.
Types Of Social Engineering Attacks
- Phishing: This is probably the most common form of social engineering attack. The hacker sends an e-mail, instant message, or text message that appears to come from a legitimate and credible institution, company, bank, etc. A phishing scam is carried out to obtain the user’s personal information, such as name, address, social security number, and bank account details.
- Pretexting: Here the attacker creates a plausible backstory to gain access to confidential information. For instance, the user may receive a call or email claiming to be from a bank and asking for credit card details or an account number in order to verify identity.
- Baiting: These attacks are often presented to users as attractive offers and schemes that require them to enter their login credentials. People who fall prey to the bait may infect their computer with malicious software, leak the financial information stored on it, and expose the system to new malware exploits.
- Quid Pro Quo: This attack may involve an attacker who places spam calls to people and claims to be from an IT company. The user may be asked to disable his anti-virus program in exchange for a quick fix for a computer issue. Subsequently, the attacker may install malware on the system in the guise of a software update.
- Tailgating: This involves an attacker gaining access to a restricted area of an organization by following an authorized employee through. Tailgating may also be carried out by borrowing someone’s computer or laptop for some ostensible task and actually installing malicious software.
Tips To Prevent Social Engineering Attacks
- Beware of unsolicited instant messages, emails, or phone calls
- Keep your anti-virus software updated
- Do not give out personal information, such as your username, password, credit card number, or social security number, to anyone
- Ignore phone calls or emails asking for financial information or passwords
- Do not download attachments or open embedded links from unknown senders
- Check website URLs before opening them
- Reject unsolicited offers of online tech support
- Lock your laptop or computer when leaving your workstation
- Use two-factor authentication to log in to all your online accounts
For more information on preventing social engineering attacks, contact Centex Technologies at (972) 375 – 9654.