"Social engineering is the manipulation or the taking advantage of human qualities to serve an attacker’s purpose."
 - Malwarebytes.com

This definition includes a wide range of scams such as phishing and even malware. For a more real-life example, imagine you work at a highly secure research facility. Someone approaches your door carrying a bunch of books. The person claims they can't reach their card right now: "Would you mind opening the door for me, please?" Did you open the door? You may have thought you were being courteous, but you may have just been a victim of social engineering.

Here are more examples of social engineering:

  • Eavesdropping
  • Typosquatting - google.com vs gooogle.com
  • Homograph attacks - make phony copies of real sites
  • Blackhat SEO/SEO poisoning
  • Clickjacking
  • Tailgating or piggybacking
  • USB / CD attacks
  • Social media baiting scams - who clicked your profile, quizzes, etc.
  • Blackmail
  • Cold call scams
  • Vishing (Voice Phishing)
  • Catphishing / Romance Fraud
  • Payment diversion fraud
  • Cancer fraud / fake orphanages / fake fundraisers
  • Dumpster diving

As you can see, criminals have a huge toolbox of tricks they can use to get your personal information. It's important to be aware of these so you can take actions that increase your overall security in your day-to-day setting.
