Justice is on the way!
Social engineering is the title of a broad range of manipulation techniques that exploit human mistakes in order to gain information. In other words, in a social engineering threat, the attacker tricks his target by using psychological manipulation.
As mentioned above, most of social engineering attacks occur after the attacker has a communication base with the victim. Earning trust is key to a successful scheme. In order to gain their goal, social engineering attackers usually follow four steps that create the social engineering attack cycle:
Do you think you are targeted by an attacker? We can help! Contact us here
In social engineering the attacker uses human emotion to trick the target into making a mistake such as giving access to personal data or giving money to the attacker. It is usually done by emailing or texting, so it doesn’t involve any real conversation.
There are many techniques used in social engineering. Here are a few of the common ones:
Baiting- the name of this technique is self-explanatory. The attacker leaves a bait that he believes you’d take. It is usually a malware infected physical device like a USB drive left in public places, so it is most certainly to be found and used. Once you do- the malware is installed into your computer.
Phishing / Spear Phishing / Whaling- all three are similar, but with clear differences. The general explanation for all three is a malicious attacker pretending to be a trusted and legit institution or individual tricks the victim by texting or emailing them with an urgent or frightening request. This may eventually result with the victim making the mistake of clicking on links to malicious websites, for example.
The differences are:
Phishing is when the attacker doesn’t have a specific target. He just tries to make someone take his bait. Spear phishing in an attack that targets a specific victim. Whereas whaling is similar to spear phishing, only here the attacker targets a high-ranking victim.
Scare-ware- this type of social engineering technique is based on fear. The attacker scares the target with false alarms that makes the target think their computer is infected with malware. Then the victim is offered with a chance to fix it all by installing a software to protect the computer. However, in reality, it is the attacker’s real malware.
Pretexting- this type is a technique based on pure lying. The attacker pretends to be a part of an authorized institution like police or banks. Then the attacker tries to get personal information for the victim disguising it as an attempt to protect the victim.
Quid pro quo- the attacker promises a kind of reward in exchange for some personal information. This seems exciting and worthwhile for the victim since he isn’t giving much but expected to get a lot. However, the attacker gets what he intended, and the victim gets nothing.
Did this happen to you? Don’t freak out, we can help! Reach us here
How to protect yourself against social engineering?
Do you have any questions? Don’t hesitate to ask us here