You are talking to a stranger on an online chat platform, they become your friend, and the next thing you know your system is hacked. Wait, what? Another scenario: you receive mail from a new account of a person you know, you open it and click on the attachment, and your system crashes. How is this happening? Who is behind it? These questions trouble victims a great deal, and the answer to all of them is the same: social engineering.
People are being exploited on a very large scale, and one of the techniques used for this is social engineering. What is social engineering and how does it work? What should we know about it? In this article we will look at all of this.
Let's begin with the meaning of social engineering: the art of exploiting human error to gain private information, access or even valuables. Whereas conventional hacking uses technical means to break into systems, social engineering works on human psychology; you can also call it a human hacking scam. Such scams lure users into exposing their valuable data, granting access to restricted systems or even spreading malware themselves.
These scams manipulate someone's behaviour and are based on how people act and think. As soon as the attacker understands what triggers the victim, it becomes easy for the deceiver to trick the user. If the user lacks knowledge about cyber threats and about the value of their personal data, that gives the hacker leverage. The main goals of anyone using social engineering are:
- Theft: stealing important information, money and access.
- Sabotage: corrupting or destroying someone's data to cause inconvenience or harm.
How does it work?
A social engineering attack usually goes through the steps below:
- Preparation : gathering background information about the victim. The victim can be an individual or a group of which that individual is a part.
- Infiltration : establishing a relationship or starting a conversation, and building trust through it.
- Exploiting the victim : once a trusted relationship is built up and the hackers know their victim's weak points, they launch the attack.
- Disengagement : the attacker withdraws after the user has taken whatever action was desired.
Such attacks can happen overnight or after months of chatting and trust building, over chat or in person. But once the attack takes place, your personal information is exposed and your system is open to malware infection.
Types of Attacks
Socially engineered attacks are not limited to desktop devices; attacks on mobile devices can hit you just as hard. Here are the different types of attacks used to exploit users.
Phishing Attacks : Phishing attacks are very common these days. Attackers pretend to be a trusted individual or institution so that victims hand over personal information and valuables. Phishing can be of two types:
- Spam Phishing : Also known as a mass attack, this is a widespread, non-personalized attack aimed at many users at once; it can catch any unsuspecting person.
- Spear Phishing : Uses personalized information to target particular victims. When the target is a high-value person such as a senior government official, a celebrity or a member of upper management, the attack is called whaling.
Phishing scams are known to use many delivery methods, some of which are:
- Email phishing: The traditional method, an email urging you to reply or to follow up by other means. It may contain phone numbers, web links or malware attachments.
- Angler phishing: This type of scam happens on social media, where the attacker pretends to be a reputed company's customer service team. Attackers watch for your public complaints to a brand, then hijack the conversation and divert it into private messages to advance their attack.
- URL phishing: Links sent to you via email, text, online ads and social media messages tempt you and direct you to phishing websites. The real destination is hidden behind the hyperlinked text, a link-shortening service or a look-alike URL, and the page or download at the other end may carry malware.
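The two lures described above, a familiar name on a new address and a link whose real destination is hidden, can both be spotted mechanically. The Python script below is an added example and is not part of the original article: it parses a raw email with the standard library, compares the From display name against a list of known contacts, and inspects every link in the HTML body for a shortener, a visible host that differs from the href host, and a look-alike of a trusted domain. The contact list, the trusted domain, the shortener list and both sample messages are assumptions constructed for the example, and the confusable-character and second-level-label heuristics are deliberately simple.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for this example (not from the article): who we know, which domain we
# trust, and which link shorteners we treat as hiding a destination.
KNOWN_CONTACTS = {"Priya Sharma": "priya.sharma@example.org"}
TRUSTED_DOMAINS = ["example.org"]
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}

# Constructed sample messages, not real captured mail.
PHISHING_EMAIL = """\
From: "Priya Sharma" <priya.sharma.acct@mail-example.net>
To: victim@example.org
Subject: Invoice overdue - please review
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi, the invoice is overdue. Please confirm it at
<a href="http://bit.ly/3xyzabc">https://portal.example.org/invoices</a>
or reply with your login and I will check it for you.</p>
<p>Support: <a href="https://examp1e-support.com/login">examp1e-support.com</a></p>
</body></html>
"""
CLEAN_EMAIL = """\
From: "Priya Sharma" <priya.sharma@example.org>
To: victim@example.org
Subject: Invoice
Content-Type: text/html; charset="utf-8"

<html><body><p>Invoice: <a href="https://portal.example.org/invoices">https://portal.example.org/invoices</a>
or <a href="https://portal.example.org/help">click here</a> for help.</p></body></html>
"""

HOST_RE = re.compile(r"^[a-z0-9.-]+\.[a-z]{2,}$")
# Digit-for-letter swaps used to build look-alike domains (examp1e, g00gle).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def hostname(url):
    """Lower-cased host of a URL; a bare 'host.tld' without a scheme is accepted too."""
    url = url.strip()
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def displayed_host(text):
    """Host the link text claims to lead to, or '' if the text is not URL-like."""
    host = hostname(text)
    return host if HOST_RE.match(host) else ""

def looks_like(host, trusted):
    """True if host is neither trusted nor under it, but its registrable label (approximated
    as the second-to-last label; fine for .com/.org, wrong for co.uk) still contains the
    trusted brand name once digit-for-letter swaps are undone."""
    if not host or host == trusted or host.endswith("." + trusted):
        return False
    labels = host.split(".")
    return len(labels) > 1 and trusted.split(".")[0] in labels[-2].translate(CONFUSABLES)

def html_body(msg):
    """Decoded text of all text/html parts of a parsed message."""
    return "\n".join(
        (p.get_payload(decode=True) or b"").decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_type() == "text/html")

def analyze(raw_email, known_contacts=KNOWN_CONTACTS, trusted_domains=TRUSTED_DOMAINS):
    """Return a list of (kind, detail) findings for one raw RFC 822 message."""
    msg, findings = message_from_string(raw_email), []
    # Sender: a familiar display name on an unfamiliar address is the classic
    # "new account of a known person" lure; a look-alike sender domain is another.
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    expected = known_contacts.get(name)
    if expected and addr != expected.lower():
        findings.append(("sender-mismatch", f"{name} is known as {expected}, this mail is from {addr}"))
    sender_host = addr.rsplit("@", 1)[-1]
    for trusted in trusted_domains:
        if looks_like(sender_host, trusted):
            findings.append(("lookalike-domain", f"sender domain {sender_host} imitates {trusted}"))
    # Links: shortened destinations, text that shows one host while the href goes to
    # another, and look-alike hosts.
    collector = LinkCollector()
    collector.feed(html_body(msg))
    for href, text in collector.links:
        target, shown = hostname(href), displayed_host(text)
        if target in SHORTENERS:
            findings.append(("shortener", f"{href} hides its destination behind {target}"))
        if shown and shown != target:
            findings.append(("text-href-mismatch", f"link text shows {shown}, href goes to {target}"))
        for trusted in trusted_domains:
            if looks_like(target, trusted):
                findings.append(("lookalike-domain", f"link host {target} imitates {trusted}"))
    return findings

if __name__ == "__main__":
    for kind, detail in analyze(PHISHING_EMAIL):
        print(f"[{kind}] {detail}")
    print("clean message:", analyze(CLEAN_EMAIL))
```

Run as a script, it reports five findings for the phishing sample (the unfamiliar sender address, the look-alike sender domain, the shortened link, the mismatch between the displayed portal URL and the bit.ly target, and the examp1e-support.com host) and none for the clean sample. These are heuristics, not a spam filter: a legitimate newsletter that uses a shortener will trip the shortener check, and a look-alike that swaps letters rather than digits (rn for m, for instance) will get past the confusables table, so treat hits as a prompt to look closer rather than a verdict.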
Baiting Attacks : Baiting offers the victim something exclusive or free in order to manipulate and exploit them. It usually ends with your system infected with malware. Common baits are USB drives left in public spaces, email attachments offering something for free, and fraudulent free software.
Quid Pro Quo Attacks : The name translates to "a favor for a favor". You exchange your personal information for a reward or compensation, such as a giveaway. The attacker gets the victim excited and then exploits them. Once your information is exposed you are left with no gift and an infected system.
Scareware Attacks : Scareware is malware which, as the name suggests, scares you into taking an action. It alarms users with a fake malware alert or by claiming that their accounts have been compromised. It may scare you enough to buy fraudulent software or divulge private information such as bank account details.