You might have heard the term Social Engineering. But what exactly is Social Engineering? What are the types of Social Engineering techniques? It can be thought of as a set of methods used by people who want to hack other people or make them perform some particular task that benefits the attacker.
To do this, however, they don’t depend mainly on code. Social Engineering scams are the art of deception, used by evil-minded people to feed their greed for money or something else.
You might’ve received phone calls or emails from people making credit card offers. They try to win their targets’ confidence and make them pay a hefty amount to claim the offers. We call such things fraud. That’s one type of social engineering, where people try confidence tricks on their targets.
This social manipulation is not just for financial benefits. Social engineering can be done for other purposes too, for instance, harvesting information from people. It involves playing with their mind to get things done.
You can find social engineers everywhere. Even a friend sitting next to you, watching your keyboard while you type your passwords, is a social engineer. It’s just that there is no certification for this thing. So, let’s look at the types of social engineering in detail.
There are many social engineering tactics, depending on the medium used to implement them. The medium can be email, the web, the phone, USB drives, or something else. So, let’s go through the different types of social engineering attacks:
Phishing is the most common type of social engineering attack. The attacker recreates the website or support portal of a renowned company and sends the link to targets via emails or social media platforms. The other person, completely unaware of the real attacker, ends up giving away personal information and even credit card details.
You can keep phishing emails out by using the spam filters in your email account. Most email providers do this by default nowadays. Also, don’t open any email that comes from an untrusted source or that you find suspicious.
A social engineering technique known as Spear Phishing can be considered a subset of Phishing. Although it is a similar attack, it requires extra effort on the part of the attackers. They need to tailor each message to the limited number of users they target. And the hard work pays off: the chances of users falling for the false emails are considerably higher in the case of spear phishing.
Impostors or social engineers can be anywhere on the internet. But many prefer the old-fashioned way; they use the phone. This type of social engineering attack is known as Vishing. They recreate the IVR (Interactive Voice Response) system of a company, attach it to a toll-free number, and trick people into calling the number and entering their details. Wouldn’t you agree? Most people don’t think twice before entering confidential info on a supposedly trusted IVR system, do they?
Pretexting is another example of social engineering you might’ve come across. It’s based on a scripted scenario presented in front of the targets, used to extract PII or some other information. An attacker might impersonate another person or a known figure.
You might’ve seen various TV shows and movies where detectives use this technique to get into places where they’re personally not authorized, or extract information by tricking people. Another example of pretexting can be fake emails you receive from your distant friends in need of money. Probably, someone hacked their account or created a fake one.
If you have seen the movie Troy, you might be able to recall the Trojan horse scene. A digital variant of this technique is known as Baiting, and it is one of the social engineering techniques people use. Attackers leave infected USB drives or optical disks in public places in the hope that someone picks one up out of curiosity and uses it on their device. A more modern example of baiting can be found on the web. Various download links, mostly containing malicious software, are thrown in front of random people in the hope that someone clicks on them.
Similarly, there are other social engineering techniques, like Tailgating, where a person takes the help of an authorized person to get access to restricted areas protected by RFID authentication or some other electronic barrier.
Another social engineering method, Quid pro quo, involves people posing as technical support. They make random calls to a company’s employees, claiming that they’re contacting them regarding an issue. Sometimes, such people get the chance to make the victim do things they want. It can be used against everyday people too.
Quid pro quo involves an exchange of something with the target, for instance, the attacker trying to solve a victim’s genuine problem. The exchange can include materialistic things such as some gift in return for the information.
In the past, you might’ve come across the story of Ivan Kwiatkowski. He sensed something foul about a customer support call before it was too late. He managed to fool the so-called executive on the other side and installed ransomware on the attacker’s computer. That could be thought of as a counter-attack on such people. You need to be alert when someone asks you to give out your information or when some unknown person is giving something to you for free.
Social engineers can also try to hit the emotional part of people’s brains. They might try to take you on a guilt trip, make you nostalgic, or even try to affect you negatively. The situation becomes alarming because people tend to open up in front of the ones trying to give them emotional comfort.
One more thing you must pay attention to, in order to protect yourself from different types of social engineering scams, is what you do on the internet. A person trying to hack into your online account may glance through your Facebook profile and find some clues about the answers to the security questions or even your password.
Mostly, such questions include less important stuff like pet names, school names, birthplace, etc. Also, pay attention to what web pages you visit or what files you download. They may contain malicious tools to harvest your information.
With the abundance of electronic devices and the internet nowadays, it’s easier than ever to get information about almost anyone. For instance, a camera keeping an eye on you in the subway or on the streets could be compromised during a social engineering attack.
So, what’s important is to keep your smartphones, PCs, and online accounts safe by using strong passwords and other methods like two-factor authentication. Take appropriate security measures like anti-virus software, firewalls, etc. That’s the minimum you can do. Also, make sure you don’t have the habit of writing down passwords and financial details.
However, these are general ways to defend oneself from being exploited by a social engineer. Big organizations have devised more formal methods to deal with such scenarios. These can include conducting regular drills with employees, training them to deal with such situations, and establishing proper methods to identify legitimate personnel.
So, this was a brief overview of what social engineering is and its types. If you feel like adding something, drop your thoughts and feedback.