It is hard to believe that a cyber criminal will get information by just asking us for it and how many fall victim to attacks.
Five commons forms of social engineering:
- Baiting - These attacks use a false promise to pique a
victim’s curiosity. They lure users into a trap that steals their personal
information or inflicts their systems with malware.
- Scareware - involves victims being bombarded with false
alarms and fictitious threats. Users think their system is infected with
malware, which prompts them to install software that has no real benefit (other
than for the perpetrator) or is malware itself.
- Pretexting – The attacker obtains information through a
series of lies. The scam is often initiated by a perpetrator pretending to need
sensitive information from a victim so as to perform a critical
task.
- Phishing – These scams are the most common, and are
email and text messages aimed at creating a sense of urgency. The scammer then
prods the victim into revealing sensitive information, clicking on links to
malicious websites, or opening attachments that contain
malware.
- Spear phishing is a more targeted version of the
phishing scam in which an attacker chooses a specific individual usually based
on characteristics, job positions and contacts that belong to their victims in
order to make their attack less conspicuous.