Understanding Social Engineering Terms and Tactics
Fraud scams are on the rise, and cyber security is a greater concern than ever. During the second quarter of 2023, the Anti-Phishing Working Group (APWG) observed almost 1.3 million phishing attacks, the third-highest quarterly total the group has recorded. The financial sector remained the primary target, receiving 23.5% of all phishing attacks, according to the APWG. The best defence against fraud scams is to learn the common types and tactics and to remain vigilant online.
What is Social Engineering?
Social engineering is a general term for a broad range of manipulation tactics that attackers use against people, rather than against technical flaws, to obtain information, access or money.
Types of Social Engineering:
- Baiting: Baiting is a social engineering attack in which the attacker offers something free to lure the user into clicking a link. The bait is often a free music or movie download matched to the user's interests. When the unsuspecting user clicks the link, their device is infected with malware.
- Phishing: Phishing is a social engineering attack that uses email, phone calls or text messages to entice a user to click a malicious link. The message appears to come from a legitimate source the user already deals with, such as a bank, employer or service provider. The link typically leads either to a fake login page that captures the user's credentials or to a download that infects the device with malware; in both cases data is often compromised.
- Pretexting: This is the tactic most commonly associated with the term social engineering. In pretexting, the attacker invents a plausible story (the pretext) and impersonates a representative of a trusted organization, such as a help desk, a vendor or a government agency, with the goal of acquiring sensitive information. The technique relies heavily on researching the target before making contact, so that the story holds up.
- Quid Pro Quo: The quid pro quo attack is a variation of baiting. Often known as the “something for something” social engineering technique, the quid pro quo attack involves promising a service or benefit for complying with the request of an attacker. For example, a social engineer may promise a free software upgrade to entice a user to download what is actually malware to their system.
- Reverse Social Engineering: In this kind of social engineering scheme, the attacker convinces a target that they have a problem or issue and then positions themselves with a solution. The target then initiates contact with the social engineer believing that they are able to solve their problem.
- Tailgating: This social engineering tactic is a physical attack. In tailgating, an attacker gains access to restricted areas of a building by following an authorised employee through a door and piggybacking on that employee's badge access. The attacker often pretends to be a colleague, a contractor or a delivery person, sometimes with hands full so that the employee holds the door.
- Whaling and Spear Phishing: These attacks are variations of phishing. Spear phishing targets a specific individual or organization and is tailored using research on the target (name, role, colleagues, current projects), which makes it far more convincing than a generic phishing email. Whaling is spear phishing aimed at high-profile individuals such as executives, who can authorise payments or disclose sensitive data.
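As an added example that is not part of the original article, the following Python script applies the phishing tells described above (a sender that only appears legitimate, and a link that does not go where it claims) to a raw email message. The trusted domain list, the lookalike rule (one character different from a trusted domain) and the two sample messages are constructed for this demonstration; real mail filters use far larger lists and reputation data.

```python
"""Flag common phishing tells in a raw email message (added example).

Three checks a mail filter or analyst would make:
  1. the From display name claims a trusted brand but the address is elsewhere;
  2. a link's visible text shows one domain while its href points to another;
  3. a sender or link domain is one character away from a trusted domain.
TRUSTED_DOMAINS and both sample messages are constructed for this demo.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domains this user genuinely deals with.
TRUSTED_DOMAINS = {"example-bank.com"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _edit_distance_leq_one(a, b):
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1          # deletion in b
        elif len(b) > len(a):
            j += 1          # insertion in b
        else:
            i, j = i + 1, j + 1   # substitution
    return edits + (len(a) - i) + (len(b) - j) <= 1


def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` imitates, else None.

    Only the last two labels are compared, so login.examp1e-bank.com is
    judged by examp1e-bank.com. An exact match is not a lookalike.
    """
    base = ".".join(domain.lower().split(".")[-2:])
    if base in trusted:
        return None
    return next((g for g in trusted if _edit_distance_leq_one(base, g)), None)


def href_domain(href):
    """Hostname of an href, lowercased, or None for mailto:/javascript: etc."""
    host = urlparse(href.strip()).hostname
    return host.lower() if host else None


def phishing_indicators(raw_message, trusted=TRUSTED_DOMAINS):
    """Return a list of human-readable findings; an empty list means no tells."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    norm = lambda s: re.sub(r"[^a-z0-9]", "", s.lower())

    # 1. Display name claims a trusted brand, but the real address is elsewhere.
    name, addr = parseaddr(msg["From"] or "")
    from_dom = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    for good in trusted:
        if norm(good.split(".")[0]) in norm(name) and from_dom != good:
            findings.append(f"sender display name claims {good} but address is @{from_dom}")
    if (good := lookalike_of(from_dom, trusted)) and from_dom:
        findings.append(f"sender domain {from_dom} looks like {good}")

    # 2. Link text shows one domain while the href goes to another; lookalike hrefs.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = _LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            target = href_domain(href)
            shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text, re.I)
            shown = shown.group(0).lower() if shown else None
            if shown and target and shown != target:
                findings.append(f"link text shows {shown} but points to {target}")
            if target and (good := lookalike_of(target, trusted)):
                findings.append(f"link domain {target} looks like {good}")
    return findings


# Constructed sample messages for the demo (not real mail).
SAMPLE_PHISH = """\
From: Example Bank Support <alerts@examp1e-bank.com>
To: customer@example.org
Subject: Urgent: verify your account within 24 hours
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Unusual activity was detected. Confirm your identity here:</p>
<p><a href="http://login.examp1e-bank.com/verify">https://example-bank.com/login</a></p>
</body></html>
"""

SAMPLE_LEGIT = """\
From: Example Bank <no-reply@example-bank.com>
To: customer@example.org
Subject: Your monthly statement is ready
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Sign in at <a href="https://example-bank.com/statements">example-bank.com</a>.</p></body></html>
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, phishing_indicators(sample) or "no indicators")
```

Run as a script it reports four findings for the constructed phishing message (display-name mismatch, lookalike sender domain, link text that disagrees with its href, and a lookalike link domain) and none for the legitimate one. The edit-distance rule is deliberately narrow; it catches "examp1e" for "example" but not brand names buried in longer domains such as example-bank-secure.com, which is why the display-name and link-text checks are kept alongside it.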
How to prevent and protect against Social Engineering:
- Verify any suspicious call, email or text before acting on it, and do so through a channel you already trust rather than the contact details given in the message.
- Open attachments only from trusted sources.
- Immediately delete any emails or texts asking for passwords or personally identifiable information (PII), such as social security numbers or financial information.
- Don’t open any emails promising prizes or notification of winnings.
- Download software only from approved sources.
- Be wary of urgent requests or solicitations for help.
- Make sure you have spam filters and antivirus software on your device.
- Trust your gut. If something feels off, contact your provider directly for assistance, using the phone number or website printed on your card or statement, never a number or link supplied in the suspicious message.