Social engineering attacks manipulate people into handing their confidential information to malicious actors. Vulnerabilities in software and operating systems can be enumerated and patched, so they are comparatively predictable; social engineering is especially dangerous because it exploits human error, which no patch removes. Phishing is the best-known form, but social engineering can be carried out in any situation that involves human interaction and takes many different forms.
1. Baiting
Baiting is a form of social engineering in which victims are tricked into providing sensitive information or credentials after being promised something of value. For example, the victim receives an email promising a free gift card if they click a link and complete a survey. The link redirects them to a spoofed Office 365 login page that captures the email address and password they enter and forwards them to the attacker.
2. Quid Pro Quo
Similar to baiting, quid pro quo attacks promise a benefit in exchange for confidential information. Here the benefit usually takes the form of a service rather than a good: for example, an attacker posing as IT support offers to fix a problem and asks for the victim's login credentials to do so.
3. Scareware
Scareware is a type of social engineering attack in which a scammer inserts malicious code into a webpage that causes pop-up windows with flashing colours and alarming sounds to appear. The pop-ups falsely warn users that a virus has been installed on their system. Users may be told to purchase or download security software; when they do, the scammers either capture their credit card details or install real malware.
4. Piggybacking
Piggybacking, also called tailgating, is when an unauthorised person physically follows an authorised person into a restricted corporate area (some sources distinguish the two: tailgating is slipping in unnoticed, piggybacking is entering with the authorised person's consent). A typical example is a malicious actor gaining access to a building by convincing an employee to hold the door open, claiming to have forgotten their ID card. A related variant is an attacker asking an employee to "borrow" their laptop for a few minutes, during which they install malicious software.
5. Whaling
Whaling is a variation of phishing that specifically targets top-level executives or government officials. The attackers usually spoof the email addresses of other high-ranking people in the organisation and send emails about an urgent matter or a fabricated emergency. Because the targets have high-level network access, a successful attack can expose highly confidential and sensitive information.
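The two e-mail-borne attacks described above, baiting links that lead to a spoofed Office 365 sign-in page and whaling mail that spoofs a senior colleague's address, can both be triaged with a few header and URL heuristics. The following Python is an added example, not code from the original article or from any vendor it mentions; the organisation domain, executive list, allow-listed sign-in hosts and both sample messages are constructed assumptions for the demo.

```python
"""Added example, not part of the original article: heuristics an analyst
might run over inbound mail to spot baiting links that lead to spoofed
sign-in pages and whaling mail that impersonates a senior colleague.
Organisation data, allow-lists and the two sample messages are constructed
assumptions for this demo."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"                      # assumed organisation domain
EXECUTIVES = {"jane doe", "john smith"}         # assumed list of high-value targets
# Assumed allow-list of hosts that legitimately serve Microsoft sign-in pages.
LEGIT_LOGIN_DOMAINS = {"login.microsoftonline.com", "login.live.com", "office.com"}
BRAND_WORDS = ("office", "microsoft", "o365", "signin", "login")


def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def in_domains(host, allowed):
    """True if host is one of the allowed domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def suspicious_links(body):
    """URLs whose host borrows a sign-in brand word but is not an allow-listed host."""
    flagged = []
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if not in_domains(host, LEGIT_LOGIN_DOMAINS) and any(w in host for w in BRAND_WORDS):
            flagged.append(url)
    return flagged


def sender_findings(msg):
    """Signs that the From: identity is spoofed or impersonates an executive."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    findings = []
    if name.strip().lower() in EXECUTIVES and domain != ORG_DOMAIN:
        findings.append("executive display name with external address")
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        findings.append(f"look-alike of {ORG_DOMAIN}: {domain}")
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.rsplit("@", 1)[-1].lower() != domain:
        findings.append("Reply-To domain differs from From domain")
    # Authentication-Results is stamped by the receiving MTA; only trust your own.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(mech + r"=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{mech}={m.group(1)}")
    return findings


def triage(raw_mail):
    """Return sender and link findings for one RFC 5322 message (plain-text body)."""
    msg = message_from_string(raw_mail)
    body = msg.get_payload() if not msg.is_multipart() else ""
    return {"sender": sender_findings(msg), "links": suspicious_links(body)}


# Constructed sample 1: baiting mail promising a gift card, linking to a fake sign-in.
BAIT_MAIL = """From: Rewards Team <rewards@survey-prizes.example>
To: staff@example.com
Subject: Claim your free gift card
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=survey-prizes.example

Take our 2-minute survey: https://office365-login.survey-prizes.example/verify
"""

# Constructed sample 2: whaling mail from a look-alike domain posing as the CEO.
WHALING_MAIL = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: Jane Doe <ceo.urgent@mail.example.net>
To: cfo@example.com
Subject: Urgent wire transfer before the board call
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e.com; dmarc=fail

Please process the attached transfer today and keep this between us.
"""

if __name__ == "__main__":
    for label, mail in (("bait", BAIT_MAIL), ("whaling", WHALING_MAIL)):
        print(label, triage(mail))
```

Run as a script it prints the findings for both constructed messages: the baiting mail is flagged only on its link (the sender checks pass, as a legitimate-looking bulk sender often would), while the whaling mail trips the executive display name, the look-alike domain, the mismatched Reply-To and the failed SPF/DMARC results. These are triage heuristics, not a verdict: an attacker who registers a clean domain and passes SPF will only be caught by the display-name and Reply-To checks, and the Authentication-Results header is only meaningful when your own mail gateway added it.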