26. February 2018 21:39
Social engineering, as the name suggests, deals with exploiting the human element in the cyber chain. Hackers attempt to bait the human psyche into divulging sensitive and confidential information.
In this type of attack, cyber criminals need not design sophisticated software and operating systems containing malware. Rather, it is an act of psychological manipulation.
Here we have listed some common techniques for launching social engineering attacks –
• Baiting – In this type of attack, hackers play on the user’s curiosity and greed. Once the user is duped, malware is injected into their system and the attackers steal the user’s confidential information. Attackers lure people in with free music and movie downloads and make them part with their login credentials.
Attackers might also drop flash drives or other USB devices near a company building. A curious employee then connects the drive to a company computer. This way the malware is injected and the virus spreads throughout the company network.
• Pretexting – As the name suggests, the hacker invents a pretext and drafts clever questions to elicit the user’s confidential information. They generally mask their identity and impersonate a trustworthy authority. From name, address, and phone details to social security numbers and bank records, attackers can gather all types of information. They can be around you, acting as your co-worker, insurance agent, prospective employee, tax official, etc., so you must always be extra careful before providing such sensitive information to anyone.
• Scareware – It aims at inciting fear in the minds of users. The attacker sends fictitious threat notices and makes users believe that their system is infected with a virus. In the panic, users often install fake antivirus software that itself contains malware, to fix a problem that doesn’t even exist. It may be distributed through emails and is often called fraudware.
• Shoulder Surfing – This technique involves directly observing or stalking someone to garner confidential information. A social engineer might simply look over your shoulder at your login information or even your ATM PIN. With just a glance, they are able to figure out the necessary information, leaving you vulnerable to a social engineering attack.
• Quid Pro Quo Attack – It is quite similar to baiting. However, in this type of attack the hacker promises a service or benefit in exchange for some information or access. Generally the hacker impersonates an IT professional and promises to solve the user’s problem or offers a software upgrade in exchange for passwords and access codes.
How To Prevent Social Engineering Attacks –
- Don’t click on suspicious links and websites.
- Keep your system updated.
- Install an antivirus on your system.
- Use multilayer authentication criteria.
- Be extra cautious and alert while disposing of documents containing sensitive information.
- Use different passwords for different logins.
- Back up your data regularly.
- Organize employee training programs.
For more information, contact Centex Technologies at (972) 375 - 9654.