Top 10 Techniques Used By Social Engineers

Know Your Security Threats.

Did you know that 77% of successful social engineering attacks started with a phishing email?

Social engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. 

Pretexting

An invented scenario is used to engage a potential victim to try and increase the chance that the victim will bite. It’s a false motive usually involving some real knowledge of the victim (e.g. date of birth, Social Security number, etc.) in an attempt to get even more information.

Phishing

The bad guys attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters. Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public.

CEO Fraud

CEO fraud is an attack targeting an employee in which the bad guys send an email from an individual purporting to be the president of the company. The “CEO” urgently requests a wire transfer or money orders and insists on email-only communication. The bad guys are counting on the fact that employees want to please their boss with their efficiency and speed in responding to the request.
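The indicators described above (an executive's name on an external sender address, a mismatched Reply-To, urgency, a payment request, and pressure to stay on email) can be scored mechanically at the mail gateway. The following is an added example for illustration, not code from the original page; the executive list, domains and sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed: executives whose display names get impersonated, mapped to
# the only domain they legitimately send from.
EXECUTIVES = {"jane doe": "example.com"}
URGENCY_TERMS = ("urgent", "asap", "immediately", "right away", "today")
PAYMENT_TERMS = ("wire transfer", "money order", "gift card")
EMAIL_ONLY_TERMS = ("can't talk", "in a meeting", "reply by email", "do not call")


def score_ceo_fraud(raw_message: str) -> dict:
    """Return the CEO-fraud indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    sender_domain = address.rsplit("@", 1)[-1].lower()
    # No Reply-To header means replies go back to the sender domain.
    reply_domain = reply_addr.rsplit("@", 1)[-1].lower() if reply_addr else sender_domain
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()

    indicators = []
    name = display_name.strip().lower()
    if name in EXECUTIVES and sender_domain != EXECUTIVES[name]:
        indicators.append("executive display name from external domain")
    if reply_domain != sender_domain:
        indicators.append("reply-to domain differs from sender domain")
    if any(t in text for t in URGENCY_TERMS):
        indicators.append("urgency language")
    if any(t in text for t in PAYMENT_TERMS):
        indicators.append("payment request")
    if any(t in text for t in EMAIL_ONLY_TERMS):
        indicators.append("email-only pressure")
    return {"score": len(indicators), "indicators": indicators}


# Constructed sample messages (reserved example domains only).
SUSPICIOUS = """From: Jane Doe <jane.doe@example.net>
Reply-To: Jane Doe <ceo.jane@freemail.example>
Subject: Urgent request
To: accounts@example.com

I'm in a meeting and can't talk. I need a wire transfer of $48,500 sent today.
Please handle this immediately and reply by email only.
"""

LEGIT = """From: Jane Doe <jane.doe@example.com>
Subject: Q3 board deck
To: accounts@example.com

Attached is the draft deck for Thursday. Comments welcome.
"""
```

A score of three or more on a message addressed to finance staff is a reasonable threshold for quarantine and out-of-band confirmation with the named executive.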

Water-Holing

This technique takes advantage of websites people regularly visit and trust. The attacker gathers information about a targeted group of individuals to find out what those websites are, then tests those websites for vulnerabilities and compromises one so that it serves malware to its visitors. Over time, one or more members of the targeted group will get infected and the attacker can gain access to the secure system.

Quid Pro Quo

Latin for ‘something for something’, in this case it’s a benefit to the victim in exchange for information. A good example is hackers pretending to be IT support. They will call everyone they can find at a company to say they have a quick fix and “you just need to disable your AV”. Anyone who falls for it gets malware installed on their machine.

Honeytrap

A trick that lures men into interacting with a fictitious attractive woman online. It derives from old spy tactics in which a real woman was used.

Spear Phishing

A small, focused, targeted attack via email on a particular person or organization with the goal to penetrate their defenses. The spear phishing attack is done after research on the target and has a specific personalized component designed to make the target do something against their own interest.

Baiting

Baiting means dangling something in front of a victim so that they take action. It can be through a peer-to-peer or social networking site in the form of a (por*) movie download, or it can be a USB drive labeled “Q1 Layoff Plan” left out in a public place for the victim to find. Once the device is used or the malicious file is downloaded, the victim’s computer is infected, allowing the criminal to take over the network.

Rogue Security Software

Rogue security software is a form of computer malware that deceives or misleads users into paying for fake or simulated removal of malware. Rogue security software has recently become a growing and serious security threat in desktop computing. It is widespread, and there are literally dozens of these programs.

Ensure that your company is not a victim of ransomware. Get a Security Review to audit your current network security, uncover security holes, and test the “phishing tolerance” of your employees and staff.

Among other things, your Security Review will assess your firewall configs, account configs, password policies, check for open ports, review backup policies, and more. You’ll know exactly where your vulnerabilities are and have peace of mind knowing that you have minimized your exposure.