What is Social Engineering?

Social engineering is when someone tricks people into making security mistakes or giving away sensitive information.

Social engineering attacks are increasing. According to the FireEye email threat report, they discovered a 26% increase in malicious URLs using HTTPS and a 17% rise in phishing attempts. There was also an increase in file-sharing service exploitation and new impersonation techniques.

Juniper forecasts that cybercriminals will steal an estimated 33 billion records in 2023, compared to the 12 billion records in 2018.

The five most common forms of digital social engineering attacks are:
Baiting
Scareware
Pretexting
Phishing
Spear Phishing

Baiting attacks use a false promise to make someone greedy or curious. It is a trap to steal personal information or to place malware onto target systems.

One method is to place malware onto infected flash drives and then to trick someone into pick up and use what looks like a valid drive.

Another common method is to have online ads that lead to malicious sites or get targets to download a malware-infected app.

Scareware tricks people into thinking their system is infected with malware and tells them to install a defensive software. However, the software installed is actually the real malware. Scareware is also called deception software, rogue scanner software and fraudware.

Pretexting oftens starts with someone pretending to need sensitive information to perform a critical task. They impersonate co-workers, police, bank and tax officials, or other persons who have right-to-know authority. The crook asks to confirm the victim’s identity, through which they gather important personal data. They usually target social security numbers, personal addresses and phone numbers, phone records, staff vacation dates, bank records and even security information related to a physical plant.

Phishing is one of the most popular social engineering attack types. Phishing scams are often an email that alerts that there is a problem requiring a password change.

When a Phishing Attack pretends to be from a company then:
Microsoft is faked 30% of the time.
OneDrive, Apple, PayPal and Amazon were each used as faked in the 6%-7% of phishing attempts.

Spear phishing is a more targeted version of the phishing scam. The messages are based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous. Spear phishing needs more information, effort and time from the criminal. They are much harder to detect and are more successful than ordinary phishing.

11 thoughts on “What is Social Engineering?”

  1. DrPat, you are a as* hol*. You are the worst kind of bully, hiding behind anonymity. I can tell by your bulling you only have at most a 5th grade education, plus if you had a wife and kids they left you because of your mindless bullying.

    Reply
  2. Hey dumbo, you’re talking about the perpetrators vs. DrPat is making a statement about the damage to the victim.

    Reply
  3. For the purposes of illustrating an article it would still only be useful to point to the social engineering examples that people know about.

    Reply
  4. I am afraid you missed my point

    Quote “During the election there were 2 significant hacks”

    I am saying there were a lot more than that by both parties. It’s just that the media only focuses on what they want to and slant even those they care to publish, the way they want to. I am afraide news is not NEWS anymore.

    Reply
  5. You miss my point.
    During the election there were 2 significant hacks and subsequent releases of many internal emails. At least one was a naive falling for a phishing technique (though the error was a combination of two people miscommunicating.) These fed into the existing story about poor email security and sustained a theme in political reporting that was probably quite significant.
    Hence I’d have thought that what is a boilerplate list of common scams and how people fall for them would include this big, well know, recent example.

    Reply
  6. You are fooling yourself if you think only one political party (members) used email hacks, lies, false advertising etc. The all use all these tricks. Or at least some of the individual members of all political parties do.

    Reply
  7. No reference to the US Democrat Party phishing email hack in the 2016 elections? Something that might, with a great deal of post hoc, ergo hoc and similar related thinking be said to have made the difference in who won?

    Reply

Leave a Comment