It seems like cybercriminals want to breach our privacy by any means necessary. Typically, they utilize malware like viruses, Trojans, spyware, and stalkerware to attack our data. But as we use security patches, antivirus software, and even VPN technology to protect ourselves, they’re turning to social engineering to get through our defenses.
So, what is social engineering? In a nutshell, social engineering is any type of online attack that leverages human psychology. Hackers may exploit emotions like greed, love, lust, anxiety, or sadness to trick their targets into making bad decisions. A classic example of a social engineering attack nowadays is a romance scam that targets the elderly. Cybercriminal gangs pretend to be romantic interests and develop relationships with lonely retirees solely in order to steal from them.
Let’s look at some different kinds of social engineering attacks:
1. Phishing Expedition
A phishing expedition, also known as a phishing attack, is the most common type of social engineering attack nowadays. So, what is a phishing attack, and how does it work? In a nutshell, a phishing attack is a bogus email that tricks recipients into downloading viruses or visiting websites designed to steal credit card information and other confidential data. Phishing emails are sent out by hackers in bulk.
They may carry spelling, grammar, or graphical mistakes or boast offers that are too good to be true. Some phishing emails work on our anxiety by claiming to be from government agencies demanding overdue taxes.
Spear-phishing is similar to regular phishing but is more targeted. Cybercriminals who use spear-phishing usually gather intelligence on their targets before developing the phishing campaign. They may learn where you work, what car you drive, when you travel, and what products you use from your social media platforms. Then, they may send a fake email from your bank asking for your login credentials or asking you to visit a fraudulent banking page.
Smishing and phishing are very similar. While phishing usually utilizes emails, smishing leverages mobile text messages. Some experts classify fake emails, text messages, and websites as all part of the phishing family.
Vishing is a form of phishing that utilizes phone calls. Hackers often use Voice over Internet Protocol (VoIP) technology for vishing because it helps them cover their tracks. Some VoIP tools also allow hackers to mask their phone numbers and use customized voice IDs. With these tools, scammers can pretend to be authority figures like big banks or government agencies.
Pretexting is a form of social engineering where hackers create a pretext to lure their targets into vulnerable situations. The romance scam is a type of pretexting attack because it leverages a made-up scenario.
Baiting is a type of social engineering attack that uses a target’s curiosity against them. A classic baiting attack is when hackers mail USB drives containing ransomware to an office building, hoping staff use them out of curiosity. Baiting attacks can also occur through websites that show flashy ads featuring unrealistic deals.
As the name implies, these attacks manipulate emotions like fear, anxiety, and stress. Typical examples of this type of social engineering include vishing calls to random people, telling them that they’ll be arrested for not paying their dues unless they share their credit card information. Of course, such attacks can backfire, especially when the target is a former FBI and CIA Director.
These are seven types of social engineering attacks. Protect yourself from them by using anti-malware software, screening phone calls, emails, and texts, and thinking twice before making sensitive decisions.