Social engineering is the act of tricking someone into disclosing a piece of valuable information such as a username, password, credit card number, or social security number. These attacks take advantage of human vulnerabilities such as emotions, trust, or habits in order to convince individuals to take action such as clicking a fraudulent link, visiting a malicious website, or sending unrecoverable funds to someone (often outside of the country).
5 Social Engineering Attacks to Watch Out For:
Phishing is the most common type of social engineering attack that occurs today. But what is it exactly? At a high level, most phishing scams endeavor to accomplish three things:
Pretexting is another form of social engineering where attackers focus on creating a good pretext, or a fabricated scenario, that they use to try and steal their victims’ personal information. In these types of attacks, the scammer usually says they need certain bits of information from their target to confirm their identity. In actuality, they steal that data and use it to commit indentify theft or stage secondary attacks.
Baiting is in many ways similar to phishing attacks. However, what distinguishes them from other types of social engineering is the promise of an item or good that malicious fraudsters use to entice victims. Baiters may leverage the offer of free music or movie downloads, for example, to trick users into handing their login credentials.
Similar to baiting, quid pro quo attacks promise a benefit in exchange for information. This benefit usually assumes the form of a service, whereas baiting usually takes the form of a good.
One of the most common types of quid pro quo attacks that’s come out in recent years is when fraudsters impersonate the U.S. Social Security Administration (SSA). These fake SSA personnel contact random individuals, inform them that there’s been a computer problem on their end and ask that those individuals confirm their Social Security Number, all for the purpose of committing identity theft.
Our final social engineering attack type of the day is known as tailgating or “piggybacking.” In these types of attacks, someone without the proper authentication follows an authenticated employee into a restricted area. The attacker might impersonate a delivery driver and wait outside a building to get things started. When an employee gains security’s approval and opens the door, the attacker asks the employee to hold the door, thereby gaining access to the building.
Tailgating does not work in all corporate settings such as large companies whose entrances require the use of a keycard. However, in mid-size enterprises, attackers can strike up conversations with employees and use this show of familiarity to get past the front desk.
What You Can Do to Protect Yourself: