How do Social Engineering Attacks Take Place?
Phishing scams are the most common type of Social Engineering attacks these days. Tools such as SET(Social Engineering Toolkit) also make it easier to create a phishing page but luckily many companies are now able to detect phishing such as Facebook. But it does not mean that you cannot become a victim of phishing because nowadays attackers are using iframe to manipulate detection techniques. An example of such hidden codes in phishing pages is cross-site-request-forgery “CSRF” which is an attack that forces an end user to execute unwanted actions on a web application. Example: In 2018 we have seen a great rise in the use of ransomware which has been delivered alongside Phishing Emails. What an attacker does is usually deliver an attachment with a subject like “Account Information” with the common file extension say .pdf/.docx/.rar etc. The user generally clicks and the attacker’s job gets done here. This attack often encrypts the entire Disk or the documents and then to decrypt these files it requires cryptocurrency payment which is said to be “Ransom(money)”. They usually accept Bitcoin/Ethereum as the virtual currency because of its non-traceable feature. Here are a few examples of social engineering attacks that are used to be executed via phishing:
- Banking Links Scams
- Social Media Link Scams
- Lottery Mail Scams
- Job Scams
Social Engineering – The Art of Virtual Exploitation
Social engineering uses human weakness or psychology to gain access to the system, data, personal information, etc. It is the art of manipulating people. It doesn’t involve the use of technical hacking techniques. Attackers use new social engineering practices because it is usually easier to exploit the victim’s natural inclination to trust. For example, it is much easier to fool someone to give their password instead of hacking their password. Sharing too much information on social media can enable attackers to get a password or extracts a company’s confidential information using the posts by the employees. This confidential information helped attackers to get the password of victim accounts.
Contact Us