Social Engineering involves exploiting fear and emotion to trick someone into disclosing or grating access to private information. Below are 5 of the most common techniques.
BAITING
Also known as B-phishing, baiting uses a false promise to pique a victim’s greed or curiosity. Users are lured into a trap that steals their personal information or inflicts their systems with malware. For example, people may click on an enticing ad that leads to malicious websites or encourages them to download a malware-infected application.
SCAREWARE
Also known as deception software or fraudware, these are malicious computer programs designed to trick users into buying and downloading unnecessary and potentially dangerous software. An example would be an offer in a spam email for fake antivirus protection.
PRETEXTING
Scammers use email, text, or phone calls to win trust and gain access to data and accounts under false pretexts. The scam is often initiated by a perpetrator who impersonates co-workers, police, or other officials, pretending to need sensitive information such as social security numbers or bank records in order to perform a critical task.
PHISHING
One of the most popular social engineering attack types, phishing scams are email and text message campaigns that employ trust, fear, and a sense of urgency to prod victims into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.
SPEARPHISHING
This is a more targeted version of a phishing scam where an attacker chooses specific individuals or organizations to provide sensitive information. Perpetrators tailor their messages based on victims’ characteristics, job positions, and contacts to appear genuine and less conspicuous.