- 21 Apr 2020
Greetings Turk Hack Team Members, today I'll talk about some Social Engineering tips and facts. I tried to explain as many as I can. Let's start then.
Pretexting
Pretexting is usually paired with spear phishing as the attention-getter. It's a tactic that builds a compelling context or pretext around the social engineering scenario. An email from your boss is a common pretext scenario.
Pretext is important to social engineers. It is how they manipulate people into making mistakes and giving up valuable information.
Baiting
Baiting is a social engineering tactic with the goal of capturing your attention. Baiting can be found in search results, social media or emails. For businesses, baiting often comes across as a request for help. During the baiting attempt, victims are asked to verify company credentials and confidential information. This information can lay the foundation for future interactions with the social engineer.
Another form of baiting is more physical. Social engineers have been known to leave a USB drive somewhere at their target company. The label is appealing to employees, like "2020 Raises". This tempts your employees to pick it up and plug it in, giving the social engineer an entry point into your network.
Quid Pro Quo
The quid pro quo tactic always appears like an equal exchange of information, the classic "You'll scratch my back; I'll scratch yours," but when it comes to social engineering, it is not equal. Social engineers craft their proposals to benefit themselves and their goal of gaining information to infiltrate your business.
Phones & Vishing
Phones are vulnerable to vishing (voice phishing) and texting phone scams. Vishing is a phone scam that pretends to be a trusted authority to get exploitable information, like the IRS phone scare that comes around tax season each year. Social engineers are clever. They can mimic recognizable phone numbers and caller ID names to gain trust.
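Some social engineers are strategic and use out-of-office replies to research and call your business: "Hi Dan, I hope Erica is enjoying her vacation in the Bahamas. Since she won't be back until July 31st, she directed me to you to answer my questions." A simple opening is all a good social engineer needs to appear to be a credible source.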
And those are just phone call examples of social engineering!
Social engineers are even using texting. Texting is more and more integrated into technology. Social engineers are using texts to send phishing links to open the door into your network.
Tailgating
Tailgating involves more than one person, piggybacking off of resources to appear like a credible source. For example, a social engineer will call someone who they know does not have the proper authority to answer their question, and the employee will transfer them to someone who can. This transfer makes the social engineer look trustworthy.
Like baiting, tailgating isn't limited to the virtual world. An easy way social engineers gain access to a physical, internal network is by conversing with an employee and following them into the building without swiping a keycard. This gives them easy access to the entire building, including your servers and computers.
Social Media
Social media is a social engineering tool. Social engineers create bogus profiles which impersonate celebrities or, trickier still, your friends and family. They often take advantage of data breaches to accomplish identity theft.
Rogue Security
Social engineering uses every trick to gain access to your network, including rogue security. Rogue security is a form of malware that poses as an anti-spyware tool or security scanner. It tricks you into believing you are getting protection, when in fact you are infecting your network with malware and the social engineer is stealing your data.
It is possible to protect yourself against a rogue security attack. Knowledge is power. Understanding who your anti-virus provider is and how often updates occur can protect you and your company from falling victim to a rogue security attack. At Access Systems, we verify updates that go out to our network and clients on a regular schedule, so you know they are not rogue security pop-ups.
Emergency Language
To make you fall for social engineering, attackers will use emergency language. They use words or phrases like:
If you do not respond
Immediately
This is your last chance
Respond now
You have 2 days
Quickly
These words make you act first and think second, because no one wants to get in trouble or miss an opportunity. They manipulate you into making rushed decisions.
Social engineering attacks are also influenced by the time of year or regional events. Natural disasters and health scares usually bring out a surge of insurance fraud attacks, and political elections are prime targets for fake donations.
This article ends here, thanks for reading.
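The cue phrases from the Emergency Language section can drive a simple mail-triage check that marks messages for out-of-band verification. This is an added example, not part of the original post; the cue names, the deadline pattern that generalizes "You have 2 days", the threshold of two cues and the sample messages are all assumptions constructed for illustration.

```python
import re
import unicodedata

# Cue phrases from the "Emergency Language" list in the post.
# "deadline" generalizes "You have 2 days" to any count and unit (assumption).
URGENCY_CUES = {
    "if you do not respond": r"\bif you (?:do not|don't) respond\b",
    "immediately": r"\bimmediately\b",
    "last chance": r"\b(?:this is )?your last chance\b",
    "respond now": r"\brespond now\b",
    "deadline": r"\byou have (?:only )?\d+ (?:minute|hour|day)s?\b",
    "quickly": r"\bquickly\b",
}
_COMPILED = {name: re.compile(rx) for name, rx in URGENCY_CUES.items()}

# Constructed sample messages, not real mail.
SAMPLES = {
    "pressure": "Your mailbox is full. Respond now or it will be closed.\n"
                "You have 2  days. This is your last chance.",
    "curly": "If you don\u2019t respond IMMEDIATELY your account is locked.",
    "routine": "Hi team, the report is attached. Tell me if you have questions.",
    "single": "Please send the invoice quickly when you get a chance.",
}


def normalize(text):
    """Fold typographic apostrophes, collapse whitespace, lower-case."""
    text = unicodedata.normalize("NFKC", text).replace("\u2019", "'")
    return re.sub(r"\s+", " ", text).lower()


def urgency_cues(text):
    """Return the names of the cues found in a message, in table order."""
    norm = normalize(text)
    return [name for name, rx in _COMPILED.items() if rx.search(norm)]


def needs_second_look(text, threshold=2):
    """Flag a message when it stacks several pressure cues (assumed threshold)."""
    return len(urgency_cues(text)) >= threshold


if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, urgency_cues(body), needs_second_look(body))
```

A single cue such as "quickly" is common in ordinary mail, which is why the flag only fires when cues stack up.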