Whilst most people are aware of cyber attacks and the need to guard against them, fewer people are aware of the rise of social engineering attacks. These are malicious cyber attacks which exploit people’s good nature, desire to help or curiosity, which without advanced cyber security measures in place could take down entire networks. There are three main types of social engineering attacks.
Phishing
Phishing attacks are means of trying to obtain confidential information by email. The sender will ask the recipient to confirm their login details to an account for a service they use, together with a link to a bogus website. If the recipient enters their details, the “phisher” will then harvest them for fraudulent purposes.
There are defences against blanket “phishing campaigns”, and that, in turn, has given rise to “spear phishing”. This is when a fraudulent email is addressed to one particular person. This often circumvents cyber security protections designed to stop mass phishing campaigns.
Because of the direct nature of spear phishing attacks and the resulting uselessness of preemptive measures being taken, phishing testing is now a standard security measure throughout businesses of all sizes.
Compromised Websites
Social engineers are able to compromise well-known and trusted websites by hacking into them and planting a form of malware, such as a key-logger, which will record the unsuspecting user’s log-in data when that person accesses what they believe to be a secure website. These details can often be found for sale on the dark web.
Real World Baiting
As the name suggests, these social engineering attacks take place offline in the ‘real world’. Their success is dependent upon decent people’s tendency towards either concern or curiosity.
A common method starts with labelling a USB stick as something corporate-facing like ’employee bonuses’. However, the stick is actually loaded with a virus or a Trojan horse. The fraudster will then leave it lying around in the workplace. A curious member of staff may pick up the USB, insert it into his or her computer to view the contents and thereby infect the computer with the malware.
Fraudsters are characterised by their relentlessness and ingenuity and so we can expect social engineering attacks to grow in both incidence and form. It is, therefore, vital to be aware and vigilant in order to avoid costly and damaging breaches of security.
For more information on cyber security services:
Find Out More