Description
Nowadays, many people have become all too familiar with hackers who exploit sensitive data and break into the protected computer systems of organizations, including banks, businesses, and even government agencies. More often than not, hearing about such hackers motivates people to forestall their ploys. Most organizations counter hackers' exploits by investing in new and up-to-date technologies to strengthen their defenses.
On the other hand, there is a new breed of attackers who use their expertise to bypass the security solutions and tools that organizations deploy. This new breed of attackers is referred to as social engineers. They are likewise known as hackers; however, their primary objective is to exploit a different weakness: human psychology. Social engineers use channels such as phone calls and social media to trick people into giving them access to important and sensitive information.
Social engineering covers a wide range of malicious activities, carried out in various ways, including pretexting, phishing, quid pro quo, baiting, and tailgating, among others.
Pretexting is a form of social engineering in which attackers create a fabricated situation, or pretext, which they use to steal a person's personal information. More often than not, attackers who use pretexting pose as someone who needs personal information in order to confirm the target's identity.
Attackers with advanced pretexting skills try to persuade their targets to perform certain actions in order to gain access to an organization and exploit its structural flaws. For instance, an attacker may pose as an external IT services auditor and try to manipulate an organization's physical security staff into letting him or her into the building.
Social engineering attacks via pretexting depend on creating a false sense of trust with the target. The attacker has to create a credible story that leaves the target little or no room for doubt; this allows the attacker to obtain both sensitive and non-sensitive information. In one case, a group of attackers posed as modeling agency representatives and invented fabricated stories and interview questions. The attackers targeted women, whom they manipulated into sending nude photos of themselves.
Phishing is considered the most common type of social engineering that attackers use today. Phishing scams have distinct characteristics: they aim to obtain personal information, including names, social security numbers, and addresses of targets; they use fear, a sense of urgency, and threats to manipulate targets into acting fast; and they use embedded links or link shorteners to redirect targets to suspicious websites through URLs that may appear authorized or legitimate.
Although some phishing emails are poorly crafted, that is, the messages contain grammatical errors and misspelled words, they can still direct targets to fake websites. Phishing emails are intended to steal the login credentials and other personal information of targets.
More often than not, attackers who use phishing emails pair malware with their phishing ploys in order to obtain users' information. For instance, one reported scam involved attackers who sent phishing emails prompting targets to install cracked APK files from Google Play Books. However, the files came pre-loaded with malware.
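The three phishing characteristics described above (urgency language, link shorteners, and links whose visible text or domain imitates a legitimate site) can be turned into simple detection heuristics. The following is an added example, not code from the original text; the urgency terms, shortener list, the sample email bodies, and the `examplebank.com` brand are constructed assumptions for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed heuristic lists for this example (not from the original text).
URGENCY_TERMS = ("immediately", "within 24 hours", "suspended", "verify your account", "urgent")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_RE = re.compile(r"[\w.-]+\.[a-z]{2,}", re.I)

def host_of(url: str) -> str:
    """Hostname of a URL; bare domains are accepted as well."""
    return urlparse(url if "://" in url else "http://" + url).hostname or ""

def registrable_domain(host: str) -> str:
    """Crude last-two-labels approximation (no public-suffix list)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def phishing_indicators(body_html: str, trusted_domain: str) -> list:
    """Return the sorted set of indicator labels found in one HTML email body."""
    found = set()
    text = re.sub(r"<[^>]+>", " ", body_html).lower()
    if any(term in text for term in URGENCY_TERMS):
        found.add("urgency")                      # fear / act-fast pressure
    for href, anchor in ANCHOR_RE.findall(body_html):
        href_host = host_of(href)
        href_reg = registrable_domain(href_host)
        if href_reg in SHORTENERS:
            found.add("shortener")                # destination hidden behind a shortener
        shown = DOMAIN_RE.search(re.sub(r"<[^>]+>", "", anchor))
        if shown and registrable_domain(host_of(shown.group(0))) != href_reg:
            found.add("link-text-mismatch")       # displayed URL differs from real target
        if trusted_domain.split(".")[0] in href_host and href_reg != trusted_domain:
            found.add("lookalike-domain")         # brand name used on an unrelated domain
    return sorted(found)

# Constructed sample email bodies.
SAMPLE_PHISH = ('<p>Your account will be suspended within 24 hours.</p>'
                '<a href="http://examplebank.com.account-verify.example/login">'
                'https://examplebank.com/login</a>')
SAMPLE_BENIGN = ('<p>Your monthly statement is ready.</p>'
                 '<a href="https://examplebank.com/statements">View statement</a>')
SAMPLE_SHORT = '<p>See the attached offer.</p><a href="https://bit.ly/3abc">Click here</a>'

if __name__ == "__main__":
    for name, body in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN), ("short", SAMPLE_SHORT)):
        print(name, phishing_indicators(body, "examplebank.com"))
```

Such heuristics only flag messages for review; mail filters combine them with sender authentication and reputation data rather than blocking on a single indicator.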
Quid pro quo is another form of social engineering. It involves a promise from the attackers that the target will receive a benefit in exchange for a particular piece of information. The benefit that attackers promise their targets takes the form of services rather than goods…