Social engineering is a scary foe to all who use the internet for leisure or for work. There seems to be no end to the torrent of malware and data breaches that cripple companies, increase fraudulent behavior, and generally cause havoc for those who are innocent or otherwise vulnerable. With that in mind, here are some examples of social engineering that you should be looking out for.
What is social engineering?
Social engineering is a tactic used by cybercriminals to get data or information through manipulation, lying, or gaining the trust of an individual. Sometimes all three. Some attacks are honed and targeted; others are just done to catch the occasional person off guard and then take whatever they can get their hands on.
What are the types of social engineering?
There are many different kinds of social engineering. This list covers four of the more common techniques to give you a brief overview of what each one is and how it can harm you. Of course, this is just the tip of the iceberg.
Baiting is a technique used to pique a victim's curiosity or to feed off their greed. Typically, these are the ‘you are our 100th site visitor, you have won this prize!’ scams that catch out older users. If you are just browsing the internet, this might be a common pop-up that makes you roll your eyes. Baiting can also be a lot more directed, however. For example, a malware-infested USB drive that looks completely authentic can be planted in the parking lot of the desired target, tricking the target into taking the infected device and plugging it into a work or home computer.
Scareware focuses on getting a victim to react out of fear. This can be the infamous pop-up ads for illegitimate anti-virus software, stating that your device has viruses that only that software can detect. Most of these are truly useless bits of software, and the others are malware that can be used to infect your device.
Pretexting can be used to target a specific person or bit of data and requires a more in-depth exchange between the victim and the criminal than just clicking on a link. Pretexting creates a lie and works off the trust that the lie builds. The criminal will approach an individual claiming to be a friend, someone trustworthy, or someone with a right to know, to coax information out of them. This information might be about the individual themselves, or it can serve a much higher goal and might be one of the steps toward a successful spearphishing attempt.
One of the more commonly known attacks, phishing is a kind of scam done through email or text, often relying on the recipient interacting with it in some way. These messages are often sent out in bulk, like scareware, to collect as much data as possible without worrying much about efficiency or precision.