What is social engineering? Attack technique & how to prevent it

Social engineering is the art of manipulating people, so they give up confidential information or make mistakes when logging in or accessing their computers. For example, social engineers can trick someone into revealing their password by pretending to be tech support, a bank employee, or posing as a long-lost friend.

How do they do it? Hackers often use social engineering attacks to entice users to give up information or help them gain access to a system. There are many different ways in which these attacks can be carried out. For example, an attacker might pretend to be a bank employee, tricking a user into giving up their online banking password. Or they might try to gain access to a system by sending a phishing email that appears to come from a legitimate company.

How can I protect against these attacks? It would be best if you took the following precautions to protect yourself from social engineering attacks:

* Be wary of unsolicited emails or phone calls requesting personal information, such as your social security number, bank account number, or credit card number.

* Do not open attachments or follow links in emails or text messages unless you know the sender.

* Never reveal your password, user name, or PIN to anyone over the phone, in person, or online unless you are sure the person contacting you is legitimate.

Phishing is a social engineering attack that uses email and the Internet to target individuals and business entities and attempt to acquire sensitive information by masquerading as trustworthy entities.

Baiting: In this form of social engineering, the attacker tries to entice a victim into disclosing information by posing as a trusted individual or organization. For example, a phishing email will direct the victim to a counterfeit log-in page linked with whatever service the hacker wants the user to access. Once the victim has accessed the fake page, it will send the information entered to the hacker. In this case, the hacker would usually target banking and email accounts.

Deceptive phishing is a variation of phishing in which the attacker poses as a legitimate company and tricks the victim into providing confidential information via a misleading URL. The attacker might create a landing page that looks like the actual website, but the link takes the victim to a different website that asks for confidential information like passwords and usernames.

‍

1. Most Common Schemes (https://www.utica.edu/academic/institutes/cimip/idcrimes/schemes.cfm)

2. Social Engineering (https://www.investopedia.com/terms/s/social-engineering.asp)

3. How To Crack Passwords And Strengthen Your Credentials Against Brute-Force (https://www.simplilearn.com/tutorials/cyber-security-tutorial/how-to-crack-passwords)

4. Different Types of Phishing Attacks (https://www.fortinet.com/resources/cyberglossary/types-of-phishing-attacks)