Types of Social Engineering Attacks


29 July, 2020


1). Pretexting

Pretexting is a form of social engineering in which the attacker builds a convincing fabricated scenario, delivered by email or phone, to steal the target's personal information.

In a pretexting attack, the attacker poses as a trusted person: a family member, someone from the target's organization such as a member of the IT department or a manager, or any other individual holding authority over the target.

2). Baiting

Baiting exploits the curiosity of the victim. It is similar to phishing, with the slight difference that baiters use enticing offers to lure the victim. For instance, attackers can offer free music or movie downloads in return for the victim's login credentials to a website. These attacks are not limited to online activities, because cybercriminals also use physical channels as bait. Using physical media, a baiter can leave an infected USB flash drive at an employee's desk, labeled as "Executive Salary Summary." Once the victim runs the malicious file on a computer, the attacker gains access to the end user's system.

3). Quid Pro Quo

In the quid pro quo method, attackers pose as technical support. They make random calls to a company's employees, claiming to be contacting them about an issue. Sometimes this gives them the chance to make the victim do what they want. The same technique is used against ordinary individuals, not only employees.

Quid pro quo involves an exchange of something with the target, for instance the attacker offering to solve a genuine problem the victim has. The exchange can also involve material things, such as a gift in return for the information.

4). Tailgating

Tailgating is when someone who lacks proper security clearance follows someone who has it into a building or area.

Tailgating is the act of following an authorized person into a restricted area or system.

Example: the attacker, dressed as an employee, carries a large box and convinces the victim, an authorized employee entering at the same time, to open the door of the data center using the victim's RFID pass.

Access to nonpublic areas should be controlled by access policies and access control technologies; the more sensitive the area, the stricter the combination. The obligation to wear a badge, the presence of a guard, and actual anti-tailgating doors such as mantraps with RFID access control should be sufficient to deter most attackers.

5). Diversion Theft

Diversion theft involves misdirecting a courier or transport company and arranging for a package or delivery to be taken to another location.

6). Ransomware

Ransomware describes a type of malware (like viruses, Trojans, etc.) that infects users' computer systems and manipulates the infected system so that the victim can no longer use it or the data stored on it. Shortly afterwards the victim usually receives a blackmail note via pop-up, pressing the victim to pay a ransom to regain full access to the system and files.

7). Dumpster Diving

It may sound weird, but imagine an attacker learning a great deal about you simply by going thoroughly through your trash bin over a period of time. It becomes creepier once you combine this with what the online crook has already gathered about you from what has been posted on the web. It is one of the more disturbing scenarios to consider, but it actually happens. Everyone therefore needs an in-depth understanding of so-called "dumpster diving".

8). Phishing

a) Spearphishing – phishing which targets an individual or a select group

b) Whaling – spearphishing where the target is a big fish (C-suite)

c) IVR Phishing – uses an IVR system (ostensibly from a bank or legitimate business) to get the individual to enter confidential information

d) Business Email Compromise (BEC) – a mutation of whaling where the scam is researched and funded, and the con is patient
