Cyber crime making headlines today often involves an attacker leveraging their technical expertise to infiltrate protected computer systems and compromise sensitive data. In attempt to mitigate risk, businesses invest in new technologies that strengthen network defenses. While it’s important to be aware of cyber crimes and protect your business from attack, it’s also important to be aware of another type of attacker who use their tactics to manipulate people – social engineers.
[You Might Also Like: Infographic - "6 Common Types of Cyber Attacks"]
The success of social engineers relies solely on the hackers’ ability to exploit the one weakness that is found in every company – human psychology. Social engineering is a term that encompasses a broad range of malicious activity and uses a variety of media, including phone calls and social media, to trick people into offering them access to sensitive information. Here are the five most common social engineering scams that attackers use to target their victims: phishing, baiting, quid pro quo, pretexting, and tailgating.
[You Might Also Like: Blog Article - "5 Common Types of Malware"]
Phishing is a leading tactic leveraged by ransomware hackers where an attacker masquerades a reputable entity or person in email or another communications channel. Attackers utilize link shorteners or embed links that redirect users to suspicious websites in URLs that appear legitimate. Once redirected, threats, fear, and sense of urgency are used in attempt to manipulate the user into acting quickly. The attacker’s goal is to obtain personal information, such as names, addresses, and social security numbers.
What distinguishes baiting from other social engineering scams is the promise or offering of something enticing to an end user in exchange for private data. The “bait” comes in many forms, both digital and physical. Baiters may offer users digital rewards such as free music or movie downloads if they surrender their credentials to the site. Physical bait may include a branded flash drive that is left out on a desk for the user to find. Once the flash drive is inserted into the computer, malicious software is delivered directly into the victim’s computer.
3. Quid Pro Quo
Quid Pro Quo involves a request for the exchange of private data for a service. One of the most common types of quid pro quo attacks involve fraudsters who impersonate IT service people. These attackers offer IT assistance to their victims, requesting the victims to facilitate the operation by disabling the AV software temporarily to install an “upgrade” or “software” which is really a malicious application.
Pretexting is where attackers focus on creating a false sense of trust between themselves and the end user by impersonating someone else to obtain private information. These types of attacks typically take the form of a scammer who pretends that they need certain information from their victim in order to confirm their identity. Attackers rely on building a false sense of trust with the victim by creating a credible story that leaves little room for doubt from their victim.
These types of attacks involve an unauthorized person physically following an employee into a restricted area. One common scenario is when the attacker simply walks in behind a person who is authorized to access the area. The attacker may impersonate a delivery driver, asking that the employee hold the door, bypassing the security measures in place (i.e. Electronic access control). Another example is when a hacker asks an employee to hold the door open for them as they’ve forgotten their access card, giving the hacker access to building.
Hackers utilizing social engineering scams use human psychology and curiosity to get the information they want. Employees must stay vigilant to counter these attacks. Educating employees on these types of attacks and how to recognize these attacks will help keep your business and data secure.