Social Engineering

Social engineering exploits human psychology to manipulate individuals into revealing sensitive information or performing actions that compromise security.

1. Smishing

Smishing, derived from “SMS” and “phishing,” is a type of cybercrime that uses deceptive text messages to manipulate victims into divulging sensitive personal information such as bank account details, credit card numbers, and login credentials. Just like phishing emails, the goal of smishing is to trick individuals into revealing private information that can be used for identity theft, financial theft, or other fraudulent activities.

Here are some key points about smishing:

  • Method: Smishing relies on text messages (SMS) instead of email.
  • Attack Vector: Scammers pose as legitimate institutions (banks, service providers, or reputed companies).
  • Deceptive Content: The text messages contain persuasive language to lure recipients.
  • Objectives: Obtain sensitive data or prompt users to download malicious content.

Example of Smishing:

  • You receive a text message claiming to be from your bank.
  • The message states that there has been suspicious activity on your account.
  • To verify your identity, it asks you to click a link provided in the text.
  • The link leads to a website that looks like your bank’s official site.
  • On this fraudulent site, you’re prompted to enter your account number, PIN, and other confidential details.
  • Unaware that it’s a scam, you comply, unknowingly revealing sensitive information to the attacker.

Remember to stay cautious when receiving unexpected text messages. Always verify the sender’s authenticity independently before sharing any personal or financial details. 📱

2. Vishing

Vishing, short for “voice phishing,” is a type of cyberattack where scammers use verbal communication (usually phone calls) to deceive individuals into revealing sensitive information. Here’s how it works and an example:

  1. Description of Vishing:
    • Method: Vishing relies on social engineering and manipulation to trick victims.
    • Medium: Attackers use phone calls or voice messaging services.
    • Goal: Obtain personal data (e.g., credit card numbers, government IDs) for identity theft or financial gain.
  2. Example of Vishing:
    • Imagine receiving a call from someone claiming to be a bank representative.
    • The caller informs you that there has been suspicious activity on your account.
    • To verify your identity, they ask you to provide your account number, PIN, and other sensitive details.
    • Believing it’s a legitimate call, you comply, unknowingly revealing confidential information.
    • In reality, the caller is a scammer attempting to steal your data.

3. Spear Phishing

  • Targeted phishing attacks customized for specific individuals.

Spear phishing is a targeted form of phishing where cybercriminals tailor their attacks to specific individuals or organizations. Unlike generic phishing emails sent to a wide audience, spear phishing messages are carefully crafted to deceive a particular recipient. Here are some key points about spear phishing and examples:

  1. How Spear Phishing Works:
    • Personalization: Attackers gather information about the target (e.g., name, job role, interests) from various sources (social media, company websites, leaked databases).
    • Customization: The phishing email is customized to appear legitimate and relevant to the recipient.
    • Objective: The ultimate goal is to trick the recipient into taking a specific action, such as clicking a malicious link, downloading an infected attachment, or revealing sensitive information.
  2. Examples of Spear Phishing:
    • CEO Fraud Scams:
      • Attackers impersonate high-ranking executives (e.g., CEOs, CFOs) to manipulate employees.
      • Example: An email from the CEO urgently requesting a wire transfer to a specific account.
    • Business Email Compromise (BEC):
      • Scammers compromise legitimate email accounts (often executives’) to send fraudulent requests.
      • Example: An email from the CFO instructing the finance team to change payment details for a vendor.
    • Targeted Malware Delivery:
      • Attachments or links in spear phishing emails deliver malware (e.g., ransomware, spyware).
      • Example: An email appearing to be from HR with a disguised resume attachment containing malware.
    • Credential Theft:
      • Phishing emails mimic login pages (e.g., for email, banking, or corporate systems).
      • Example: A fake Office 365 login page asking the user to verify their credentials.
    • Client-Specific Lures:
      • Attackers use industry-specific jargon or references relevant to the recipient’s work.
      • Example: A healthcare professional receiving an email about a medical conference registration.
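As an added defender-side example (not part of the original page), the following Python scores an inbound message for the CEO-fraud, BEC and credential-theft indicators listed above: an executive’s display name arriving from an external domain, a Reply-To that differs from the visible sender, urgency language, and a request to move money or verify credentials. The executive list, the internal domain, the scoring weights and the sample messages are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed reference data (assumptions for this example): executives whose names
# are worth protecting, and the organisation's own mail domain.
EXECUTIVES = {"jane doe": "CEO", "raj patel": "CFO"}
INTERNAL_DOMAIN = "example-corp.test"
# Lure indicators drawn from the CEO-fraud, BEC and credential-theft examples.
URGENCY = re.compile(r"\b(urgent(?:ly)?|immediately|asap|right away|end of day)\b", re.I)
FINANCIAL_ASK = re.compile(r"\b(wire transfer|payment details|bank details|new account)\b", re.I)
CREDENTIAL_ASK = re.compile(r"\b(verify your (?:account|credentials|identity)|sign in to|password)\b", re.I)

@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)

def parse_address(header):
    """Split 'Display Name <user@domain>' into (lower-cased display name, domain)."""
    m = re.match(r'\s*"?([^"<]*?)"?\s*<([^>]+)>\s*$', header or "")
    name, addr = (m.group(1), m.group(2)) if m else ("", (header or "").strip())
    return name.strip().lower(), addr.rsplit("@", 1)[-1].lower()

def assess(from_header, reply_to, subject, body):
    """Score one message; a total of 5 or more is treated as likely impersonation."""
    v = Verdict()
    name, domain = parse_address(from_header)
    # Display-name impersonation: a known executive's name on mail from outside the org.
    if name in EXECUTIVES and domain != INTERNAL_DOMAIN:
        v.score += 3
        v.reasons.append(f"{EXECUTIVES[name]} display name sent from external domain {domain}")
    # Replies steered to a domain other than the one the message appears to come from.
    if reply_to and parse_address(reply_to)[1] != domain:
        v.score += 2
        v.reasons.append("Reply-To domain differs from From domain")
    text = f"{subject}\n{body}"
    for pattern, points, why in ((URGENCY, 1, "urgency language"),
                                  (FINANCIAL_ASK, 2, "request to move money or change payment details"),
                                  (CREDENTIAL_ASK, 2, "request to verify credentials")):
        if pattern.search(text):
            v.score += points
            v.reasons.append(why)
    return v

# Constructed samples: one CEO-fraud lure and one routine internal message.
CEO_FRAUD = assess('"Jane Doe" <jane.doe@mail-example.test>', "ceo.jane@freemail.test",
                   "Urgent wire transfer", "Please process a wire transfer today to the new account below.")
ROUTINE = assess("Jane Doe <jane.doe@example-corp.test>", None,
                 "Board slides", "Attached are the slides for Thursday.")
```

In a mail gateway or SIEM rule the same checks would run against the parsed From, Reply-To, Subject and body fields, with the executive list and internal domain taken from the directory.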

Remember to stay vigilant, verify sender identities, and report suspicious emails to prevent falling victim to spear phishing attacks. 🎣🛡️