Having discussed other types of cyber-attacks, it is now time to discuss ‘social engineering attacks’: the psychological manipulation of people into performing actions or divulging confidential information. It is a kind of trickery used for information gathering, fraud, or system access; in short, it is a complex fraud scheme.
For example, most websites that require a login have a ‘Forgot Password’ button. An improperly secured password-recovery system can be used to grant a malicious attacker full access to a user's account, while the original user loses access to the account.
Let’s look at the different types of social engineering:
- Phishing
Phishing is where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software, such as ransomware, on the victim's infrastructure. Simply put, the attacker sends an email or text to the target soliciting personal and valuable information.
- Vishing
Voice phishing, or vishing, is the use of telephony to conduct phishing attacks. Landline telephone services have traditionally been trustworthy: terminated in physical locations known to the telephone company, and associated with a bill-payer. In other words, the attacker makes fraudulent calls to collect personal and valuable information from the targets.
- Baiting
The attacker uses false promises or triggers the victim's curiosity, then traps victims into giving away their personal information.
- Quid Pro Quo
The attacker makes random calls to employees of certain organizations or companies and solicits information in exchange for certain services or benefits.
- Pretexting
Pretexting is often initiated by the criminal pretending to need sensitive personal information to perform a critical task. The criminal develops and builds trust with the victim.
- Watering Hole
The attacker injects malicious code into the web pages that are most visited by the target groups. Once a victim visits the page on the compromised website, a backdoor trojan is installed on the victim's computer, and sensitive personal information on that computer is stolen.