What is Social Engineering: how it works & examples of methods used

Originally Posted by ClueWorks – Remote Worker International

What is social engineering? Social engineering is a type of cyber attack carried out by exploiting human error. You must be careful with these attacks so that your personal information remains protected.

Some time ago, Instagram was enlivened by a new trend called “Add Yours”. Instagram users can respond to other users’ Instagram Stories about a topic with their own version.

For example, an Instagram user uploads OOTD (Outfit of the Day) content and puts an “Add Yours” sticker in their Story. Followers of that user can then respond by uploading their own version of OOTD content.

This feature is very interactive, but unfortunately many irresponsible people use it to carry out social engineering. They create “Add Yours” content asking people to submit something personal, such as ID numbers, signatures, nicknames, etc. The data is then collected to commit other fraudulent acts.

Criminals are always looking for ways to get personal data. Therefore, when you are online, you must remain vigilant against a variety of social engineering attacks.

To help you better understand what social engineering is, we provide more information below.

What Is Social Engineering?

Social engineering is a manipulation technique that exploits human error to obtain personal information, access to an account, or valuables. Criminals understand that humans are the weakest link in a security system. Therefore, they use social engineering techniques to get users to hand over sensitive data.

In cyberspace, these “human hacking” scams tend to succeed in exposing data, spreading malware infections, or stealing access from unsuspecting users. This happens because criminals exploit the user’s lack of knowledge about cyber security.

In general, criminals carry out social engineering attacks with the following objectives:

  1. Sabotage: criminals want to disrupt, damage, or exploit the data obtained in ways that harm the target victim.
  2. Theft: criminals want to get valuable things such as personal information, access, or money.

How Is Social Engineering Done?

When performing social engineering, criminals generally manipulate the target victim by communicating with them. They do this because they believe the success of social engineering depends on the target’s trust in them.

Broadly speaking, here are the steps criminals take when carrying out social engineering:

1. Preparation

Criminals prepare by collecting information about the victim’s background, such as their place of work, the groups or organizations they belong to, the name of the bank they use, and so on.

2. Infiltration

With the background information obtained, criminals approach the victim. Usually they disguise themselves as someone from a trusted source, for example the victim’s workplace, the bank, or something else.

3. Exploitation

Once the target victim trusts the disguised criminal, the criminal begins to exploit the victim. They ask for sensitive information such as account credentials, ID number, account number, and others. In addition, cybercriminals often encourage victims to open malicious links.

4. Disengagement

Once the criminals have obtained the sensitive information, they disappear and stop communicating with the target victim. They then use the data obtained to carry out actions that harm the victim.

Social Engineering Attack Methods

Now that you know what social engineering is and how it works, here are some types of social engineering methods:

1. Phishing

Phishing is a social engineering attack in which criminals pretend to be a trusted person or company to trick the target victim. The aim is to get victims to share sensitive information, open malicious links, or send money.

This attack is usually carried out through email, SMS, or over the phone. Phishing is the most common method when criminals perform social engineering attacks.


2. Baiting

As the name implies, a baiting attack is carried out by offering bait. Baiting exploits the curiosity of the target victim. Criminals usually bait victims with valuable goods or free services, for example by persuading the victim to open a malicious link that looks like a free download of music, movies, or software. When the target victim is persuaded to do so, criminals can spread malware on the victim’s device.

In addition to being done over the internet, baiting can also be done offline. Criminals usually do so by leaving flash disks already infected with malware in public places such as public toilets, elevators, parking lots, or others. When the victim takes the bait and plugs it into a work or home computer, the malware is installed automatically on the system.

3. Quid Pro Quo

Quid Pro Quo is a social engineering attack that promises benefits in exchange for information. Criminals can pretend to work for a professional agency and ask victims to provide sensitive data. In return, they promise giveaways or gifts to the target victims. In reality, the criminals’ main purpose is simply to obtain sensitive data, and they will not give any reward to their victims.

Conclusion

The information above helps you understand what social engineering is. From this explanation, it is clear that cybercriminals today can do various things to obtain sensitive data. As internet users, we must continue to increase our cyber security awareness and not readily share personal data with unknown people.

If you are a company owner, you need to make sure that all of your employees can safeguard sensitive company data. In addition, the systems your company uses must also have strong security. To help ensure that your company has good cyber security, you can work with LOGIQUE’S IT security team. Our team will conduct penetration testing to look for security gaps in the system that can be exploited by cybercriminals.

Please contact us or click pentest International services to get more information.

Thanks for visiting ClueWorks. If you want to know more about us, see the other articles we share, all with current and useful information for you.
