Types of Social Engineering Attacks

Published on : 02 Dec 2019



In social engineering, an attacker gathers information by interacting with people. Because humans have a natural tendency to trust others, social engineering exploits that tendency in order to steal your data. Once the data has been taken, it can be used to commit fraud or identity theft.

Social engineering attacks can be divided into two classes: human-based and computer-based. In human-based social engineering attacks, the attacker carries out the attack in person by interacting with the target to gather the desired data. Consequently, they can affect only a limited number of victims. Computer-based attacks are performed using devices such as computers or mobile phones to obtain information from the targets. They can reach many victims in a few seconds.

Computer Based Social Engineering Attacks

The following are the types of computer-based attacks:

Phishing Attacks – Phishing attacks are the most well-known attacks carried out by social engineers. They aim to fraudulently extract private and confidential data from targets through telephone calls or e-mail messages. They involve fake websites, Facebook ads, emails, ads, fake anti-virus, scareware, fake PayPal websites, awards, and free offers. For example, the attack can be a call or an email from a fake lottery department about winning a cash prize, requesting private information or asking the victim to click on a link attached to the email.

Reverse Social Engineering Attacks – Reverse social engineering attackers claim to be solving a network’s problem. This involves three primary steps: causing an issue, for example crashing the network; advertising that the attacker is the only person able to fix that issue; and solving the issue while obtaining the desired data and leaving without being detected.


Tailgating Attacks – Tailgating attacks, also called physical access or piggybacking attacks, consist of entering an area or building by following someone who has authorized access to that place. They give the attacker access to restricted buildings or systems. For example, attackers ask a victim to hold the door open because they “forgot” their company ID card or RFID (radio-frequency identification) card. They can also gain access to a PC or mobile phone to perform malicious activities such as installing malware.

Pop-Up Windows – Pop-up window attacks refer to windows appearing on the victim’s screen stating that the connection has been lost. The user responds by re-entering their login data, which runs a malicious program that was installed earlier along with the window. This program remotely forwards the login data to the attacker.

Dumpster Diving Attacks – In this world of information technology, dumpster diving attempts to gather sensitive documents from a company’s trash or from discarded equipment such as old computer hardware, drives, CDs, and DVDs.

Phone/Email Scam Attacks – In this kind of attack, the attacker contacts the victim by telephone or email seeking specific data or promising a prize or free goods. The aim is to influence the victim into breaking the security rules or giving up personal data. In addition, cell phone-based attacks can be performed through calls and via short message service (SMS) or text messages, which are known as SMSishing attacks. SMSishing attacks consist of sending fraudulent messages and texts to victims’ cell phones to influence them. They are similar to phishing threats but are carried out in different ways. The effectiveness of SMSishing attacks lies in the fact that victims carry their cell phones anywhere and at any time.

Narendra Sahoo

Narendra Sahoo (PCI QPA, PCI QSA, PCI SSF ASSESSOR, CISSP, CISA, CRISC, 27001 LA) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm, based in the US, Singapore & India. Mr. Sahoo holds more than 25 years of experience in the IT Industry, with expertise in Information Risk Consulting, Assessment, & Compliance services. VISTA InfoSec specializes in Information Security audit, consulting and certification services which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance & Audit, PCI PIN, SOC2 Compliance & Audit, PDPA, PDPB to name a few. The company has for years (since 2004) worked with organizations across the globe to address the Regulatory and Information Security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.