Employees need to be aware of social engineering if an organisation is to ensure corporate cyber security and data protection. End users who know the main characteristics of these attacks are much more likely to avoid falling for them. Here is a breakdown of 5 social engineering attacks you should know:
1. Phishing
Phishing is the most common tactic used by today's ransomware hackers. It is typically delivered in the form of an email, web ad or website designed to impersonate a real system and organisation. The messages within these emails often appear to be from the government or a major corporation, and they are often crafted to convey a sense of urgency and importance.
2. Baiting
Like phishing, baiting involves offering something enticing to an end user in exchange for private data. The bait comes in many forms, both digital, such as a movie downloaded from a torrent site, and physical, such as a branded drive labelled "CELEBRITY HACKS" that is left out on a desk for an end user to find. Once the bait is taken, malicious software is delivered directly onto the victim's computer.
3. Quid Pro Quo
Quid pro quo involves a request to exchange private data for a service or favour. For example, an employee might receive a phone call from a hacker posing as a technology expert offering free IT assistance in exchange for login credentials. Like baiting, this could be something physical, such as giving someone a gift in exchange for a service. The exchange needs to be of the same value.
4. Pretexting
This is when a hacker creates a false sense of trust between themselves and the end user by impersonating a co-worker, professional colleague, or a figure of authority within the company in order to gain access to private data. For example, a hacker may send an email or a chat message posing as the head of IT Support who needs private data in order to comply with a corporate audit (that isn't real).
5. Tailgating
An unauthorised person physically follows an employee into a restricted corporate area or system. The most common example of this is when a hacker calls out to an employee to hold a door open for them as they've forgotten their RFID card. Another example of tailgating is when a hacker asks an employee to "borrow" a private laptop for a few minutes, during which the criminal is able to quickly steal data or install malicious software.
James Aguilan