Attackers actively fool many people these days.
In this era of the internet and technology, it has become very easy to communicate or find any information online. But every good thing has its side effects. One of the side effects in this technological world is social engineering attacks.

What is a Social Engineering Attack?
This is an attack in which hackers manipulate people into providing their confidential information. Many people get fooled by attackers these days and end up giving critical information or money to the attacker, or installing malicious software.
There are different types of social engineering attacks. The most common attacks are as follows.
- Phishing
In phishing, an attacker sends emails or text messages to the victim, pretending to be someone the victim knows, such as an old friend, an office colleague or a newly joined boss. They trick the victim into opening a malicious link or installing malicious software, which can steal the victim’s information from the device, lock the device and demand money to unlock it, or even hack the device.
Once a device is hacked, the attacker can make money transfers and purchases, or even steal all of the victim’s personal information.
Examples of Phishing attacks:
- Email Phishing scam
Attackers send multiple emails tricking victims into clicking on a link and providing personal information, for example: “Click on the following link and fill in the details.”
The actual Gmail link is “anyemail.gmail.com”. An attacker can send from a generated email address that tricks the victim into believing it came from a valid user, such as the following:
“anyemail.gmaiil.com” or “anyemail.gmaill.com”.
The user overlooks such spelling mistakes and thinks the email is from a valid domain, and ends up providing personal information or downloading malicious software.
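The misspelled-domain trick described above can be checked for mechanically. The following Python is an added example, not part of the original article: it flags sender domains that are within a small edit distance of a trusted domain. The trusted list, the threshold and the sample senders other than the three quoted above are assumptions made for illustration.

```python
# Added example: flag sender domains that imitate a trusted domain.
# TRUSTED and the sample senders below are constructed for illustration.
TRUSTED = {"gmail.com"}  # assumption: domains this mailbox expects


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, transpose."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            rows[i][j] = min(rows[i - 1][j] + 1,         # deletion
                             rows[i][j - 1] + 1,         # insertion
                             rows[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)  # swap
    return rows[len(a)][len(b)]


def base_domain(sender: str) -> str:
    """Last two labels of the host; naive, ignores suffixes like co.uk."""
    host = sender.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def classify(sender: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    domain = base_domain(sender)
    if domain in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        if edit_distance(domain, good) <= max_distance:
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    for s in ["anyemail.gmail.com", "anyemail.gmaiil.com",
              "anyemail.gmaill.com", "someone@gmial.com", "news@example.org"]:
        print(f"{s:24} -> {classify(s)}")
```

A sender classified as a lookalike deserves a warning banner or quarantine rather than silent delivery; an "unknown" result only means the domain does not resemble anything on the trusted list.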
- Spear Phishing
In this type of attack, the attacker pretends to be a known person, like a manager or a client, and sends an email requesting information from the victim. Attackers search for information about the victim on social networking sites such as Facebook, Twitter or Instagram, and then send the email pretending to be a known person.
Another example: if the attacker knows that the victim or a member of the victim’s family is a student at a school or university, they can send an email such as “Today is the last date for paying school/university fees. Pay online now to avoid late charges. Click on the link below to complete your payment.” Once a victim falls for this trick, they end up paying money to the attacker.
- Baiting
In this type of attack, the attacker promises the victim a reward. Attackers forward these deceptive messages to victims through emails, text messages, or even pop-up links on webpages, enticing the victim to click on the link in order to get the prize. This can result in downloading malicious software or giving personal information to an attacker.
- Scareware
The attacker frightens the victim by claiming their system is infected or hacked by malware, and then tricks the victim into installing malicious software. For example, the attacker shows pop-up messages on a webpage saying, “Your system is corrupted by malware, click here to scan the system”. If the victim clicks on the link, it ends up downloading malicious software.
In another example of scare tactics, attackers send emails that warn users about a hacked password.
- Pretexting
In this type of attack, an attacker pretends to be a known person and asks for personal information. This can happen over the phone or by email, tricking the victim into believing the attacker and providing sensitive data. They can pretend to be the victim’s client or manager, claiming to have forgotten their password or lost the office system, and ask the victim to provide the details so they can log in from their personal system to perform some urgent work.
- Vishing
In this type of attack, the attacker calls the victim and convinces them that they need to act quickly in order to protect themselves from some risk.
For example, they can call you saying they are from your bank and need to do some extra verification, or that credit card passwords have expired and you need to take action quickly. In this situation, if the victim ends up giving personal or any other sensitive information, the attacker can take the money from your account.
We should always be wary of such phone calls or emails. Instead of giving any information over a call or email, physically visit the bank and verify the details.
- Water holing
This is an advanced social engineering attack in which an attacker attacks a website and its visitors. Attackers take advantage of the trust users have in any website they visit regularly, for example chat forums or social media sites. Users of these websites are extra careless, thinking that the site is secure, and click on any malicious links. Such websites are referred to as watering holes. The attacker sets the trap and waits for victims to click on malicious links.
How can we stay protected from Social Engineering Attacks?
- We should always be aware of which sites we are visiting and whom we are giving information to.
- If you get an email from a suspicious sender, do not open the email or click on any link in it. Report the email as phishing and spam, and delete it.
- If anyone requests personal information via call or email, avoid giving any sensitive information. Visit the office physically if it’s urgent.
- Always set your spam filters to high. Every email service has spam filters; change the settings for these filters to high. Keep checking your spam folder in case any legitimate emails are accidentally moved there.
- Always secure your device and don’t download any unauthorized software onto it. Check the reviews and the terms and conditions of any software before installing it.
- Always stay alert when visiting any website, which can have malicious links.
