In this post, I will share the main types of social engineering. Social engineering is one of the most powerful tools for breaking into any computer system or network, and one of the most important techniques to understand. You need to know how the attackers' techniques work so that you can block these kinds of attacks and keep yourself safe, both online and in the real world.
1) Phishing: The number one type of online social engineering attack, both because it is the most prevalent and because it is one of the most successful, is phishing.
If you have ever received a phishing email, it looks like an email asking you to log in and check some account activity, or to help out a friend who is traveling somewhere else in the world, for example.
With phishing, the attackers are just trying to get your credentials, your username and your password, so they can get into your account. It works because we all get distracted from time to time, so every one of us is susceptible to the same social engineering techniques, and the person is the weakest link in the chain. Phishing, then, is simply sending an email and trying to get you to click through a link or to give up your information.
2) Pretexting: Pretexting is pretending to be someone you are not, or setting up a false pretext, a false situation. The attacker might say they are calling from corporate or from computer support, or you receive an email from a friend who is in trouble or traveling somewhere and needs some money.
There are lots of pretexts that people use, both online and in the real world. For example, an attacker might say, I'm a friend of your dad's, or I'm a friend of your mom's. In a chat room, some will say they are in your class, in the same grade as you, work for the same company, or do the same kind of job. Pretexting just means using false or made-up information to try to make a connection with the user.
3) Baiting: You will also see baiting in other online and real-world attacks. A great example is someone leaving a USB drive in the parking lot of your company. The natural thing for people to do, unfortunately, is to pick up that USB drive and plug it in to see who it might belong to and what might be on it. If the attacker put malware on it, it may have just attacked your network from the inside, unintentionally. You didn't know you were doing anything wrong; you were just a bit curious.
This is something important to train employees on: don't just pick up a USB drive, or accept a free download or free software. Sometimes that click can take you to a website that is compromised.
4) Quid pro quo: Quid pro quo is a common social engineering technique that means you will get a little something if you do something for me.
The Nigerian prince email scams are a terrific and terrible example of this: if you will help us get this money out of the country, then we will send you a portion of it, or we'll let you keep a portion of it. I guess there is no one among us who has not received such an email.
Or it could be something as simple as, hey, if you'll do this for me, I'll send you this information or I'll give you some money. That exchange is what makes these quid pro quo attacks work.
5) Tailgating: Another common attack is tailgating, which can happen both online and in the real world. The most common way tailgating is used is that you stand outside a building with some employees, maybe in a smoke break area, and when they go back into work, after you have struck up a few conversations, you just follow one of them in. Or you come in holding a package in your hands, wait until someone comes to the door, and walk in right behind them, which gives you access to the building. Tailgating is a real thing in real life.
It can give someone access to your physical premises and the computers on your network. If someone can touch your computer, they may be able to own your computer and your network.
6) Vishing: This next-to-last example is just a voice form of phishing. Someone makes a phone call and pretends to be someone they are not, such as a company's IT support.
You will also see this as smishing, SMS phishing. That is where someone sends you a text message (short message service) pretending to be your bank, your employer, or a prosecutor.
They will leave you messages or call you on the phone, and they can even fake the caller ID number on your telephone and make you believe that it really is a call from a legitimate phone number, such as a government agency's. In such a case, you have to be very careful not to give out any information.
7) Spear-phishing: Spear-phishing is where the attacker uses some specific information about the person to try to get a particular individual's information. Sometimes we call this whale phishing (whaling) when the target is the top person in an organization.
So phishing and spear-phishing are real techniques; all of these are real things we need to know about, talk about with our families and our employees, and understand better so that we can avoid falling for these types of social engineering attacks.
Usually, the attacker will come with some sense of urgency. Someone will work into the pretext that you have to help me with this by tomorrow, you need to do this before the end of the day, or somebody hacked into your account and you need to take care of it right away. You have to understand these techniques so that you can recognize the signs of a phishing attack and avoid the impact.
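As an added example (not part of the original post), here is a small Python scorer that flags the phishing tells described above in a raw email: a Reply-To domain that differs from the sender's, a link whose visible text names one host while the href points elsewhere, and urgency, credential-request and money-request phrases. The sample message and every domain in it are constructed for the demo.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Phrases the post lists as social-engineering tells: urgency, requests to
# log in or verify credentials, and "help a friend with money" pretexts.
URGENCY = ("right away", "before the end of the day", "immediately", "within 24 hours")
CREDENTIALS = ("log in", "verify your account", "confirm your password")
MONEY = ("send money", "wire transfer", "portion of it", "gift card")
LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def score_email(raw):
    """Score a raw RFC 5322 message; returns (score, reasons). Higher is riskier."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # single-part text body is enough for this demo
    text = body.lower()
    reasons = []
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    # Pretexting tell: replies are silently routed to a different domain.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        reasons.append("reply-to domain differs from sender domain")
    # "Click through a link": the visible text names one host, the href another.
    for href, label in LINK_RE.findall(body):
        shown = re.search(r"[a-z0-9.-]+\.[a-z]{2,}", label.lower())
        if shown and shown.group(0) != urlparse(href).hostname:
            reasons.append(f"link text {shown.group(0)} hides target {urlparse(href).hostname}")
    # Wording tells: each category counts once.
    for phrases, tag in ((URGENCY, "urgency"), (CREDENTIALS, "credential request"), (MONEY, "money request")):
        if any(p in text for p in phrases):
            reasons.append(tag)
    return len(reasons), reasons

# Constructed sample (not a real message): a "log in now" account-activity phish.
SAMPLE = """From: "Example Bank Support" <support@examp1e-bank.test>
Reply-To: helpdesk@mail-collector.test
Subject: Account activity
Content-Type: text/html

<p>Unusual activity. Please <a href="http://login.mail-collector.test/x">log in at examplebank.test</a> right away to verify your account.</p>
"""

if __name__ == "__main__":
    print(score_email(SAMPLE))
```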