SOCIAL ENGINEERING

What is Social Engineering? [Social Engineering Defined] | The Scarlett Group

What is Social Engineering?

Social engineering is the term used for a broad range of malicious activities accomplished through human interaction. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.


Social Engineering techniques

Social engineering can take different forms anywhere human interaction is involved. The five most common forms of digital social engineering are:

  1. Baiting
  2. Scareware
  3. Pretexting
  4. Phishing
  5. Spear Phishing

Baiting

The technique matches the everyday meaning of the word "bait". In baiting, attackers offer something that appeals to the victim's greed or curiosity. After building a relationship with the victim, they trap the victim and steal their personal information or infect their systems with malware. The most reviled form of baiting uses physical media such as an infected flash drive.
Baiting also happens online. There, attackers use advertisements that the user is likely to click, which lead to downloading a malware-infected application. That is how baiting happens.


Scareware

Scareware is the practice of presenting victims with false warnings and false threats. Users are led to believe that their systems are infected with malware and are tempted to install software that has no real benefit, or that is malware itself. As an example, while you are browsing the web a message may pop up saying "your computer is infected with a harmful program, install this free tool", but what the user actually downloads is the malware itself. That is how scareware works.

Pretexting

Here attackers obtain information by pretending to be someone else, such as a responsible professional in the community. As an example, suppose the victim is not satisfied with their job or salary. The attacker might pretend to be a recruiter offering a high salary and benefits package, and invite the victim to an online interview. During the interview the attacker asks how the organization's security architecture is built, which is exactly the secret information needed to attack the organization. That is how pretexting works.


Phishing

As one of the most popular types of social engineering attacks, phishing scams are email and SMS campaigns aimed at instilling in victims a sense of urgency, curiosity or fear. They then prompt the victims to expose sensitive information, click links to malicious websites, or open attachments containing malware.


Spear Phishing

This is the highly targeted version of phishing, in which the attacker selects specific people or businesses. Attackers tailor their messages to the target's personality, work environment, and relationships. This may take some time, but the fraud is hard to detect even after it has happened.
As an example, attackers might study the manager of an organization and learn their signature and writing style. They then send a message or email to the administrator asking them to change the password and send back the credentials. Those credentials are actually handed over to the attacker. That is how spear phishing works.
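To make the phishing and spear phishing cues above concrete, here is an added Python example (not from the original post) that triages an email against the signals the text describes: urgency or fear language, a request to hand over credentials, an attachment type that can carry code, and the display name of a known colleague paired with an address outside the organisation. The organisation domain, staff directory and sample message are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed sample values for this example (not from the original post).
ORG_DOMAIN = "example-corp.test"
KNOWN_STAFF = {"jane doe": "jane.doe@example-corp.test"}  # display name -> real address

URGENCY_PHRASES = ("immediately", "urgent", "within 24 hours",
                   "account will be suspended", "act now", "your computer is infected")
CREDENTIAL_PHRASES = ("send me the credentials", "send your password",
                      "confirm your password", "login details")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm", ".hta")


def triage_message(from_header, subject, body, attachments=()):
    """Return a list of reasons the message looks like (spear) phishing.

    An empty list means no heuristic fired; a non-empty list is a cue to
    hand the mail to the IT/security team instead of acting on it.
    """
    reasons = []
    name, email = parseaddr(from_header)
    text = f"{subject}\n{body}".lower()

    # Spear phishing cue: a display name matching a known colleague or
    # manager, but sent from a different address (e.g. outside ORG_DOMAIN).
    expected = KNOWN_STAFF.get(name.strip().lower())
    if expected and email.lower() != expected:
        reasons.append(f"display name '{name}' impersonates {expected} from {email}")

    # Pressure language (urgency, fear) and credential-harvesting requests.
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        reasons.append("urgency/fear language: " + ", ".join(hits))
    hits = [p for p in CREDENTIAL_PHRASES if p in text]
    if hits:
        reasons.append("asks for credentials: " + ", ".join(hits))

    # Attachments of types that can carry executable code or macros.
    for fname in attachments:
        if fname.lower().endswith(RISKY_EXTENSIONS):
            reasons.append(f"risky attachment type: {fname}")
    return reasons
```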


How to prevent Social Engineering

  • Do not open emails or attachments that seem suspicious. If you receive an email from an unknown person, do not reply to it; hand it over to the IT department for further clarification.
  • To protect yourself from revealing user credentials, you can use two-factor authentication.
  • Be aware of the offers that you receive. Check twice before accepting the offer. It may be a fraud.
  • Keep your antivirus software up to date.

Comments

  1. When it comes to social engineering, I have heard about 'Quid Pro Quo' attacks. What do you think about them?

    1. Yes Prabod, thank you for asking that question. In Latin, 'quid pro quo' means 'something for something'. It relies on people's sense of reciprocity, with attackers offering something in exchange for information.

  2. Nice flow Rajitha. Do you think that catfishing and cyberstalking come under social engineering techniques? Can you provide a link to refer more on that area?

    1. Appreciate your interest Suranga. Catfishing is a kind of social engineering. The cybercriminal in a catfishing scam might post fake pictures or send encouraging messages to entice you into a relationship, but the goal is the same as in other scams. You can browse further details on

      https://www.microsoft.com/security/blog/2013/06/20/catfishing-are-you-falling-for-it/

      Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, group, or organization. You can browse further details from here,

      https://www.tripwire.com/state-of-security/security-awareness/what-cyberstalking-prevent/

  3. Informative article that nicely explains how we can avoid social engineering attacks.

  4. Adding to this topic, these social engineering attacks may lead an organisation to direct financial losses, high recovery cost, productivity loss and reputation damage. So as you clearly mentioned, we should follow the prevention method before something terrible occurs. Good read Rajitha!

    1. Yes Ruvishka, prevention is better than cure. We should follow prevention methods to secure our system.

  5. Interesting post on social engineering Rajitha. Adding to what you mention, in most workplaces they are using Excel workbooks, and these can also lead to social engineering using "hidden" macros. This article gives some knowledge on that: https://securityonline.info/social-engineering-using-hidden-macros-in-excel/

  6. Timely article. It is of great need to be vigilant about these types of attacks specially in the modern digital world.

    1. Yes Santhoopa, knowing about these attacks is the best way to keep away from them.

  7. Social engineering is the first step in many attacks. This post nicely explains the social engineering techniques and ways to stay protected from them.

  8. Thanks for the information Rajitha. Can you explain tailgating and how it connects with social engineering?

    1. Thank you Anuththiga. Tailgating, also known as piggybacking, is a type of social engineering attack that's a little different from the others because it's almost exclusively physical in its attack vector. This type of attack involves an attacker asking for access to a restricted area of an organization's physical or digital space.
