10 Types of Social Engineering


There’s a consensus within the technology industry that the most vulnerable link in Cybersecurity is people. Social Engineering is when a malicious actor manipulates people into performing actions that give up confidential information.


Here are 10 Types of Social Engineering.

1. Phishing 

This is probably the most popular Social Engineering Technique. This is when the attacker “Fishes” for a person to trick into either sharing confidential information or installing malicious software on the victim’s machine.


Google and Facebook were scammed out of over $100 million using this same technique. The perpetrator simply forged email addresses, invoices, and contracts to trick the company giants into paying for electronic supplies.
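As an added example (not part of the original article), the Python code below shows one way a defender could flag the kind of forged sender address described above, using only the standard library. The sample message, its domains, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every name and domain is made up.
SAMPLE = """\
Return-Path: <billing@supplier-payments.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=supplier-payments.example; dkim=none; dmarc=fail header.from=supplier.example
From: "Supplier Accounts" <accounts@supplier.example>
Reply-To: accounts@supplier-payments.example
To: ap@corp.example
Subject: Invoice 1042 - updated bank details

Please remit payment to the new account.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def forgery_indicators(raw_message):
    """List the signs that the visible From address may be forged."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    if not from_dom:
        findings.append("missing or unparseable From address")
    # The envelope sender and reply address normally share the From domain.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and from_dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # SPF/DKIM/DMARC verdicts recorded by the receiving mail server.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    if not auth:
        findings.append("no Authentication-Results header")
    for token in auth.replace(";", " ").split():
        mech, _, result = token.partition("=")
        if mech in ("spf", "dkim", "dmarc") and result != "pass":
            findings.append(f"{mech} result is {result}")
    return findings

if __name__ == "__main__":
    for finding in forgery_indicators(SAMPLE):
        print(finding)
```

Treat the output as triage signals rather than a verdict: legitimate bulk senders often use a different Return-Path domain, and Authentication-Results is only trustworthy when it was added by your own mail gateway.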

2. Smishing 

Also known as ‘SMS Phishing’, smishing is a form of phishing that occurs through a text message, where the target is sent a link with the intention of taking sensitive information from the victim or installing malicious software on the smartphone.


Vodafone, Spark and 2degrees customers were sent a deluge of scam texts. A customer even reported 14 different scam texts overnight! A 2degrees spokeswoman assumed that the scammers were seeking to take advantage of the increase in online shopping during the lockdown.

3. Vishing

A phone scam version of phishing. This is when the attacker attempts to scam people verbally. The scam, like the previous techniques, also aims to take private information or deploy malicious software.

4. Spam

Unsolicited emails that victims receive, which tend to be dangerous due to the ‘Brute Force’-esque nature of this Social Engineering Technique. This is when a ton of messages are sent out to try to get a victim to eventually click on a malicious link that leads to stolen data or unwanted programs being installed.

5. Spam over Internet Messaging (SPIM)

Unsolicited messages aren’t limited to emails; the risk extends to Instant Messaging platforms as well. The danger here is that since instant messaging tends to be more personal than email, the victim may be more likely to fall for such spam.

6. Spear Phishing

An attempt to convince a particular target to share sensitive material or deploy fraudulent applications. The concern here is the precision of the attack: because it is aimed at specific targets, those targets are more vulnerable. Sometimes the perpetrator simply needs something specific.

7. Dumpster Diving

A process where a malicious actor goes into someone else’s rubbish to retrieve information that could be useful for an attack. Your trash can be valuable! It’s why we sometimes encourage staff to use a shredder to properly dispose of material that could hold PII (Personally Identifiable Information).

8. Pharming

A Social Engineering attack where the criminal redirects a user to a fake site instead of the intended website. 

9. Tailgating 

This is when an unauthorised person follows a trusted figure who enters a secured area. Physical Security is part of Cybersecurity. Take a look at how sophisticated the security of Google’s Data Center is.


10. Eliciting Information 

Sometimes a normal conversation is used to discreetly gather private information. This is especially concerning because of how this technique tends to come from people that we might trust.

Conclusion

There are many more types of Social Engineering Attacks, and hopefully this list provides an important message. Cybersecurity is not a product that can be purchased but rather a practice. There will always be risks; the goal is simply to mitigate them.

Written by Regi Medina, ICT Professional

References

https://www.theverge.com/2017/4/28/15468828/facebook-google-phishing-scam-rimasauskas

https://www.stuff.co.nz/business/126524491/victims-of-text-scam-deluge-advised-to-wipe-their-phones-and-change-passwords



