Social Engineering in Cyber Attacks

In this day and age, we need to take a closer look at social engineering attacks. Social engineering is the act of preying on unknowing victims to obtain personal or business information. It's an art of manipulation that relies less on technical attacks and more on human interaction, usually by tricking a person, used as a pawn, into breaking normal security procedures. These types of attacks have been so successful because the victims naturally trust other people and want to be helpful, only to be tricked into releasing information. Social engineers rely on the fact that people are unaware of the value of the information they possess and aren't careful about protecting it.

Security is all about knowing who and what to trust. There are different types of social engineering attacks, the first being shoulder surfing. Shoulder surfing is nothing more than watching someone while they're entering sensitive information. The shoulder surfer can watch you enter a password, credit card number, or any other pertinent information.  

Dumpster diving is a common social engineering attack used to retrieve confidential information. Organizations usually generate a large amount of paper, most of which ends up in recycle bins and/or dumpsters. These papers can contain highly sensitive information, and dumpster diving involves searching through a workplace's trash for obvious treasures. Even the most seemingly innocent things, like a phone list or a calendar, can help an attacker who is using social engineering techniques to gain access to what they want.

The third type of social engineering is phishing. Phishing occurs when someone attempts to gain sensitive information while pretending to be a trustworthy entity through online communication. Communications claiming to be from popular websites, banks, online payment processors, or IT administrators are commonly used to lure in an unsuspecting victim. Phishing is typically carried out by email spoofing or instant messaging, which directs users to enter details at a fake website that is almost identical to the legitimate one. The danger with phishing emails is that they may contain links to websites that are infected with malware. There's another term known as spear phishing, a type of phishing in which the attacker pretends to be someone you know. Generating such an attack requires more work, since it uses information from your contact lists, social media sites, etc.
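The spoofed sender and the near-identical fake website described above leave traces that can be checked mechanically. The following Python is an added example, not part of the original post; the trusted domain `examplebank.com`, the sample message, the 0.85 similarity threshold and all function names are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"examplebank.com"}  # assumption: domains the real organization uses

def domain_of(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def bare(host):
    return host[4:] if host.startswith("www.") else host

def lookalike(host):
    """True if host resembles a trusted domain without being one."""
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return False
    return any(SequenceMatcher(None, host, d).ratio() >= 0.85 for d in TRUSTED)

def phishing_indicators(raw):
    msg, found = message_from_string(raw), []
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if lookalike(sender):
        found.append("sender-lookalike")
    if reply and reply != sender:
        found.append("reply-to-mismatch")
    links = re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', msg.get_payload(), re.S | re.I)
    for href, text in links:
        host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text)  # domain shown to the reader
        if shown and bare(shown.group(0).lower()) != bare(host):
            found.append("link-text-mismatch")
        if lookalike(host):
            found.append("link-lookalike")
    return found

# Constructed sample message: note the digit "1" in place of the letter "l".
SAMPLE = """From: Example Bank <alerts@examp1ebank.com>
Reply-To: helpdesk@mail-collector.example
Subject: Verify your account
Content-Type: text/html

<p>Confirm your details at
<a href="http://examp1ebank.com/login">www.examplebank.com</a></p>
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

A message that trips several of these indicators at once deserves a second look before anyone clicks; a single indicator, such as a differing Reply-To address, also occurs in legitimate mail.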

Whaling is another form of phishing; it is a digital con game that targets upper-level managers. The objective is to swindle managers into providing confidential information. When you combine phishing with VoIP, the result is known as vishing. While prank calls have been in existence since the invention of telephones, the rise of Voice over Internet Protocol, or VoIP, makes it possible for people to call you almost anywhere without being traced. A vishing call can convince someone they're talking to a trusted person.

There is also impersonation, which is a human-based type of social engineering. This happens when the hacker plays the role of someone you are likely to trust or obey in order to get access to information. This plays on our natural tendency to believe people are who they say they are.

We have plenty to worry about online even without purposely malicious attacks, but it helps to be aware of them. They are only getting more advanced as time goes on, and planning a step ahead for different forms of cyberattacks starts with learning about them and building a secure foundation to begin with, online and offline.

These are services that we at MakesSense can provide for you, whether you're starting up a business or already run one. Let us know what you need help with and we can get started on setting you and your business up with the best cybersecurity program for you.