If you’re hearing about Social Engineering for the first time, this is for you!
Social engineering is a way of manipulating people who hold access or knowledge into giving up confidential information about a target. It is an alarming problem that can cost anyone dearly. It’s important to know the types of Social Engineering so you can stay out of such traps!
Here is how it may take place:
- Phishing: Phishing means sending fraudulent emails that lead to fraudulent websites. Social engineers write the emails so that they appear to come from a reputable company. People are enticed to provide their personal information, and even credit card numbers, because they believe the mail comes from a trusted source. As a result, the hackers gain access to everything about that individual.
- Spear phishing: Spear phishing differs from phishing in its targeting. Phishing is aimed at a broad audience; it can be sent to as many people as the attacker wants, chosen at random. Spear phishing instead focuses on specific individuals within an organization in order to reach confidential information about that company. Social engineers deliberately pick particular people, study their social media accounts thoroughly, and then send each of them a customized email that looks like it came from the boss, a close friend, a colleague or a relative. The emails contain infected links. When these are opened, they let the hacker move deeper into the network while collecting information about the company.
- Vishing: It’s a combination of the words ‘voice’ and ‘phishing’. Remember getting a phone call telling you that you have won BDT 1 lac from your mobile operator? Yes, that’s vishing.
- Baiting: Baiting is another kind of phishing. It differs in that the victim is offered a prize or gift: free music, movie downloads or some other incentive for surrendering their information on a website. Baiting is not restricted to online platforms; it is also done with physical media. Suppose the social engineer (the hacker) hands out USB devices to employees as a token of appreciation or for a task, but those USB devices have been loaded with malicious software. As soon as an employee inserts one into a computer, the hacker gets access to all the confidential information on it.
- Quid pro quo: It is much like baiting. The key word here is ‘exchange’. The hacker or social engineer offers a solution in exchange for login credentials and other sensitive information. It sounds impossible, but they make it possible through spam calling. They offer some kind of tech support and pick as victims the people who really do have a tech problem to solve. They offer software installations or updates, which are actually malware in disguise, and in exchange they get access to all the login credentials.
- Pretexting: Pretexting means building up a good relationship with a victim by lying in many different ways while appearing to be a very trustworthy person who just needs ‘some information’ from the victim. The whole scenario is made up, and a false trust develops between the two parties. The victim spills important information through conversation. At times, they even let the social engineer into the building and show them the physical weaknesses or confidential pathways. It happens in person, but in a totally fabricated way.
- Tailgating: This is often called ‘piggybacking’. You can relate tailgating to many movie scenes. Haven’t you seen movies where an intruder enters a restricted area dressed as a cleaner or as anything else that fits the company? It’s about entering somewhere without having access, for example by carrying things in both hands, waiting for an employee to open the door, and then asking that person to hold the door open so the intruder can get through.
- Scareware: It’s a deceptive way of making someone believe that their device is infected and needs to be protected with an anti-virus. It then leads them to links, websites and software downloads which are actually malware in disguise.
- Water holing: Water holing is simply keeping track of the websites that an organization’s employees frequently visit and then infecting those websites with malware or malvertisements. Despite being very uncommon, it is still alarming because it is hard to identify and it is aimed at high-security companies through low-security employees, vendors, partners and so on.
- Rogue: Rogue is the practice of faking an intimate relationship with someone just to extract the desired information.
We hope we have given you a holistic understanding of Social Engineering. So, stay safe and keep others safe!