Are you aware of the Social Engineering Attacks ?

  Dr. Pattathil Dhanya Menon  

Share This Post


Being discussed about other types of cyber-attacks, now it's time to discuss the ‘Social engineering attacks’ which is the psychological manipulation of people into performing actions or divulging confidential information. It is the kind of trick for the purpose of information gathering, fraud, or system access, etc. in short it is a complex fraud scheme.

For example, on most of the websites which require login, there will be a ‘Forgot Password’ button. An improperly-secured password-recovery system can be used to grant a malicious attacker full access to a user's account, while the original user will lose access to the account.

Let’s see different types of social engineering:

  1. Phishing

    where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware. Simply, the attacker sends an email or text to the target soliciting personal and valuable information..

  2. Vishing

    Voice phishing, or vishing, is the use of telephony to conduct phishing attacks. Landline telephone services have traditionally been trustworthy; terminated in physical locations known to the telephone company, and associated with a bill-payer. In other words, the attacker makes fraudulent calls to collect personal and valuable information from the targets.

  3. Baiting

    The attacker uses false promises or triggers the victims curiosity. They then trap the victims to give away their personal information.

  4. Quid Pro Quo

    The attacker makes random calls to employees of certain organizations or companies and solicits information in exchange for certain services or benefits.

  5. Pretexting

    Pretexting is often initiated by the criminal pretending to need the sensitive personal information to perform a critical task. Criminal here develops and builds a trust with the victim.

  6. Watering Hole

    The attacker injects malicious codes into the web pages that are most visited by the target groups. Once a victim visits the page on the compromised website a backdoor trojan is installed on his computer. And personal sensitive information in that computer is stolen.

Dr. Pattathil Dhanya Menon

Dr. Pattathil Dhanya Menon

Dr. Pattathil Dhanya Menon is India's first woman cyber crime investigator and Managing Director of Avanzo Cyber security Solutions, the leading brand in the field of cyber & Data security and one of the associate partners of APOSTROFO. [www.avanzo.in]