Showing posts with label Hacking. Show all posts

Monday, 10 April 2023

Types of Social Engineering Attacks




Almost every type of cybersecurity attack contains some kind of social engineering. For example, the classic email and virus scams are laden with social overtones.

Social engineering can impact you digitally through mobile attacks in addition to desktop devices. However, you can just as easily be faced with a threat in-person. These attacks can overlap and layer onto each other to create a scam.

Here are some common methods used by social engineering attackers:

Phishing Attacks

Phishing attackers pretend to be a trusted institution or individual in an attempt to persuade you to expose personal data and other valuables.

Attacks using phishing are targeted in one of two ways:

  1. Spam phishing, or mass phishing, is a widespread attack aimed at many users. These attacks are non-personalized and try to catch any unsuspecting person.
  2. Spear phishing and, by extension, whaling use personalized info to target particular users. Whaling attacks specifically aim at high-value targets like celebrities, upper management, and high government officials.

Whether it’s a direct communication or via a fake website form, anything you share goes directly into a scammer’s pocket. You may even be fooled into a malware download containing the next stage of the phishing attack. Methods used in phishing each have unique modes of delivery, including but not limited to:

Voice phishing (vishing) phone calls may be automated message systems recording all your inputs. Sometimes, a live person might speak with you to increase trust and urgency.

SMS phishing (smishing) texts or mobile app messages might include a web link or a prompt to follow-up via a fraudulent email or phone number.

Email phishing is the most traditional means of phishing, using an email urging you to reply or follow-up by other means. Web links, phone numbers, or malware attachments can be used.

Angler phishing takes place on social media, where an attacker imitates a trusted company’s customer service team. They intercept your communications with a brand to hijack and divert your conversation into private messages, where they then advance the attack.

Search engine phishing attempts to place links to fake websites at the top of search results. These may be paid ads or use legitimate optimization methods to manipulate search rankings.

URL phishing links tempt you to travel to phishing websites. These links are commonly delivered in emails, texts, social media messages, and online ads. Attackers hide links in hyperlinked text or buttons, or disguise them with link-shortening tools or deceptively spelled URLs.

In-session phishing appears as an interruption to your normal web browsing. For example, you may see fake login pop-ups for pages you’re currently visiting.
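The three link disguises named under URL phishing (hyperlinked text, link shorteners, deceptive spelling) can each be checked mechanically. The following is an added example, not part of the original post: it audits the links in an HTML message body, and the trusted-domain list, the shortener list and the sample message are assumptions made up for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example-bank.com"}                  # constructed allow-list
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # well-known shortening services

def host_of(url):  # lower-cased hostname of a URL or bare domain, minus "www."
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def edit_distance(a, b):  # Levenshtein distance, to spot deceptive spellings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        target, label = host_of(self.href), "".join(self.text)
        shown = re.search(r"(?:[\w-]+\.)+[a-z]{2,}", label, re.I)
        checks = {  # visible domain differs / destination hidden / near-miss name
            "text-href-mismatch": bool(shown) and host_of(shown.group(0)) != target,
            "shortener": target in SHORTENERS,
            "lookalike": target not in TRUSTED
                         and any(edit_distance(target, t) <= 2 for t in TRUSTED),
        }
        self.findings.append((self.href, [n for n, hit in checks.items() if hit]))
        self.href = None

def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    return [(href, reasons) for href, reasons in parser.findings if reasons]

# Constructed sample message body; every link in it is made up for the example.
SAMPLE = """<a href="https://example-bank.com/login">example-bank.com</a>
<a href="http://secure-login.example.net/x">https://example-bank.com/login</a>
<a href="https://bit.ly/3abcd">View invoice</a>
<a href="https://examp1e-bank.com/verify">Verify your account</a>"""
```

Calling `audit(SAMPLE)` leaves the first link unflagged and reports one reason for each of the other three.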

Baiting Attacks

Baiting abuses your natural curiosity to coax you into exposing yourself to an attacker. Typically, potential for something free or exclusive is the manipulation used to exploit you. The attack usually involves infecting you with malware.

Popular methods of baiting can include:

  • USB drives left in public spaces, like libraries and parking lots.
  • Email attachments including details on a free offer, or fraudulent free software.

Physical Breach Attacks

Physical breaches involve attackers appearing in-person, posing as someone legitimate to gain access to otherwise unauthorized areas or information.

Attacks of this nature are most common in enterprise environments, such as governments, businesses, or other organizations. Attackers may pretend to be a representative of a known, trusted vendor for the company. Some attackers may even be recently fired employees with a vendetta against their former employer.

They make their identity obscure but believable enough to avoid questions. This requires a bit of research on the attacker’s part and involves high risk. So, if someone is attempting this method, they’ve identified clear potential for a highly valuable reward if successful.

Pretexting Attacks

Pretexting uses a deceptive identity as the “pretext” for establishing trust, such as directly impersonating a vendor or a facility employee. This approach requires the attacker to interact with you more proactively. The exploit follows once they’ve convinced you they are legitimate.

Access Tailgating Attacks

Tailgating, or piggybacking, is the act of trailing an authorized staff member into a restricted-access area. Attackers may play on social courtesy to get you to hold the door for them or convince you that they are also authorized to be in the area. Pretexting can play a role here too.

Quid Pro Quo Attacks

Quid pro quo is a term roughly meaning “a favor for a favor,” which in the context of phishing means an exchange of your personal info for some reward or other compensation. Giveaways or offers to take part in research studies might expose you to this type of attack.

The exploit comes from getting you excited for something valuable that comes with a low investment on your end. However, the attacker simply takes your data with no reward for you.

DNS Spoofing and Cache Poisoning Attacks

DNS spoofing manipulates your browser and web servers to travel to malicious websites when you enter a legitimate URL. Once infected with this exploit, the redirect will continue unless the inaccurate routing data is cleared from the systems involved.

DNS cache poisoning attacks specifically infect your device with routing instructions for the legitimate URL or multiple URLs to connect to fraudulent websites.

Scareware Attacks

Scareware is a form of malware used to frighten you into taking an action. This deceptive malware uses alarming warnings that report fake malware infections or claim one of your accounts has been compromised.

As a result, scareware pushes you to buy fraudulent cybersecurity software, or divulge private details like your account credentials.

Watering Hole Attacks

Watering hole attacks infect popular webpages with malware to impact many users at a time. This requires careful planning on the attacker’s part to find weaknesses in specific sites. They look for existing vulnerabilities that are not known and patched; such weaknesses are deemed zero-day exploits.

Other times, they may find that a site has not updated its infrastructure to patch out known issues. Website owners may choose to delay software updates to keep software versions they know are stable. They’ll switch once the newer version has a proven track record of system stability. Hackers abuse this behavior to target recently patched vulnerabilities.

Unusual Social Engineering Methods

In some cases, cybercriminals have used complex methods to complete their cyberattacks, including:

  • Fax-based phishing: When one bank’s customers received a fake email that claimed to be from the bank, asking the customer to confirm their access codes, the method of confirmation was not via the usual email / Internet routes. Instead, the customer was asked to print out the form in the email, then fill in their details and fax the form to the cybercriminal’s telephone number.
  • Traditional mail malware distribution: In Japan, cybercriminals used a home-delivery service to distribute CDs that were infected with Trojan spyware. The disks were delivered to the clients of a Japanese bank. The clients’ addresses had previously been stolen from the bank’s database.

What is social engineering?





Social Engineering Definition

Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. In cybercrime, these “human hacking” scams tend to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems. Attacks can happen online, in-person, and via other interactions.

Scams based on social engineering are built around how people think and act. As such, social engineering attacks are especially useful for manipulating a user’s behavior. Once an attacker understands what motivates a user’s actions, they can deceive and manipulate the user effectively.

In addition, hackers try to exploit a user's lack of knowledge. Thanks to the speed of technology, many consumers and employees aren’t aware of certain threats like drive-by downloads. Users also may not realize the full value of personal data, like their phone number. As a result, many users are unsure how to best protect themselves and their information.

Generally, social engineering attackers have one of two goals:

  1. Sabotage: Disrupting or corrupting data to cause harm or inconvenience.
  2. Theft: Obtaining valuables like information, access, or money.

What Is a Virus?






Computer Virus

Computer viruses are unwanted software programs or pieces of code that interfere with the functioning of the computer. They spread through contaminated files, data, and insecure networks. Once a virus enters your system, it can replicate itself to spread from one program to another and from one infected computer to another. So, we can say that a virus is a self-replicating computer program that interferes with the functioning of the computer by infecting files, data, programs, etc.

There are many antivirus programs that can help you protect your machine from viruses. An antivirus scans your system and cleans the viruses detected during the scan. Some of the popular antiviruses include Avast, Quick Heal, McAfee, Kaspersky, etc.

Types of Computer Virus:

Overwrite Virus:

It is the simplest computer virus that overwrites the code of the host computer system's file with its own malicious code. The content of the infected file is replaced partially or completely without changing the size of the file. Thus, it destroys the original program code by overwriting it with its defective code. The infected files must be deleted or replaced with a new copy as this virus cannot be removed or disinfected.

Append Virus:

As the name suggests, this virus appends its malicious code to the end of the host program's file. After that, it alters the file's header so that execution is redirected to the start of the malicious code of the append virus. Thus, this code is executed each time the program runs. However, it does not destroy the host program; rather, it modifies it in a way that it holds the virus code and enables the code to run itself.

Macro Virus

A macro virus alters or infects the macros of a document or data file. It is embedded as a macro in a document and adds its code to the macros of the document. The virus spreads when infected documents or data files are opened on other computers.

It also spreads through software programs that execute macros, such as MS Word and MS Excel. Each time a document is opened using these programs, other related documents will also get infected.

The first macro virus, which was named Concept, spread through emails with attached MS Word documents. It infected MS Word 6.0 and MS Word 95 documents, which were saved using the Save As option. Fortunately, it did not cause any harm, except for displaying a message on the screen.

Boot Virus

A boot virus, or boot sector virus, alters the boot sector program stored on the hard disk or any other storage device such as a floppy disk. It replaces the boot sector program with its own malicious version. It infects the computer only when it is used to boot up the computer. If it enters after the boot-up process, it will not infect the computer. For example, if someone forgets to remove an infected floppy disk when the PC is turned off and then turns the PC on, it runs the infected boot sector program during the booting process.

Usually, it enters your system through corrupt media files, infected storage devices, and insecure computer networks. The spread of this virus is very rare these days due to the decline in the use of floppy disks and the use of boot-sector safeguards in present-day operating systems.

Resident Virus

The resident virus stays permanently in the primary memory (RAM) of the computer. When you start the computer, it becomes active and corrupts the files and programs running on the computer.

Non-resident Virus:

Unlike the resident virus, the non-resident virus does not reside in the memory of a computer. So, it is not executed from the computer's memory. Executable viruses are an example.

Multipartite Virus

Multipartite virus spreads and infects in multiple ways. It infects both the boot sector and the executable files stored on the hard drive simultaneously. When you turn on a computer, the boot sector virus is triggered as it latches on to the hard drive, which has the data for starting up the computer. Once it is triggered, the program files also get infected.

File Infector Virus

It is one of the commonly found computer viruses. It mainly infects the executable files; the files with .com or .exe extensions. The virus becomes active when the infected file is executed. The active virus overwrites the file partially or completely. Thus it may destroy the original file partially or completely.

Computer Worm

A computer worm is similar to a virus but is technically different from it. It can replicate and spread like a virus, but unlike viruses, it does not need a host program to spread. Being able to self-replicate, it can produce multiple copies of itself. It spreads through networks; for example, an email sent to an infected email ID can infect your system with a computer worm.

Trojan Horse

A Trojan horse is malware like a virus or a worm, but it is technically different from both. It can't replicate like a virus or a worm. A Trojan horse hides itself in a program. Once you install any such program, the Trojan horse enters your computer. It can provide unauthorized access to your computer, send your files to other computers, and may delete files or make other unwanted changes on your computer.

Cavity virus:

It is also known as a spacefiller virus. As the name suggests, this virus tends to install itself by occupying the empty sections of a file. It is not easy to detect this virus as it fills the empty spaces without changing the size of the file.
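The overwrite, append and cavity descriptions above differ in whether the infected file's size changes. As an added example (not from the original post), this integrity check over constructed dummy files shows that a size comparison notices only appended data, while a SHA-256 baseline also notices same-size changes; the file names and contents are made up.

```python
import hashlib
import os
import tempfile

def digest(path, chunk=1 << 16):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(paths):
    """Trusted baseline: path -> (size in bytes, SHA-256)."""
    return {p: (os.path.getsize(p), digest(p)) for p in paths}

def verify(baseline):
    """Compare files on disk with the baseline and classify each one."""
    report = {}
    for path, (size, sha) in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
        elif os.path.getsize(path) != size:
            report[path] = "size-changed"
        elif digest(path) != sha:
            report[path] = "modified-same-size"  # a size-only check misses this
        else:
            report[path] = "ok"
    return report

def demo():
    """Constructed files: one untouched, one edited in place, one grown."""
    with tempfile.TemporaryDirectory() as d:
        names = ["clean.bin", "patched.bin", "grown.bin"]
        paths = [os.path.join(d, n) for n in names]
        for p in paths:
            with open(p, "wb") as f:
                f.write(b"HEADER" + bytes(64) + b"CODE")  # 64 zero bytes of slack
        baseline = snapshot(paths)
        with open(paths[1], "r+b") as f:  # same-size edit inside the slack
            f.seek(6)
            f.write(b"X" * 16)
        with open(paths[2], "ab") as f:   # appended bytes change the size
            f.write(b"EXTRA")
        result = verify(baseline)
        return {os.path.basename(p): status for p, status in result.items()}

if __name__ == "__main__":
    print(demo())
```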

CMOS Virus:

It infects the CMOS, which stands for complementary metal-oxide semiconductor and is a memory chip that contains the system configuration. This virus can erase or reset the system configuration.

Companion Virus:

It resides in a file whose name is similar to another program file, which is executed normally. When the program file is executed, the virus gets activated and performs malicious steps such as deleting the files on your computer's hard drive. The Globe virus, found in 1992, is the first known companion virus.

Encrypted Virus:

It encrypts its payload to make its detection more difficult. It comprises two parts: an encrypted virus body and a decryptor, which decrypts the virus when it is executed. After decryption, the virus can execute itself in order to replicate and become resident. It is different from CryptoLocker, which is a computer virus that encrypts the hard drive data and holds it for ransom.

Executable Virus:

It is a non-resident computer virus, which resides in an executable file. Whenever the infected file is executed, it infects the other files.

Polymorphic Virus:

It creates thousands of copies of itself; in each copy, it changes the sequence and byte values to evade detection by antivirus software. Even the best antiviruses may not be able to detect this virus. Polymorphic viruses affect data types and functions and generally spread through spam, infected sites, and while using other malware.

Rabbit Virus:

It is also known as a wabbit or a fork bomb. It is capable of creating new processes, and each new process creates further new processes. This continues until the virus has used all the available resources in the system and the system falls short of resources. It may cause the target system to slow down and crash. For example, it is like an infinite loop that repeatedly creates processes that consume lots of CPU cycles and operating system resources.

Stealth Virus:

It is a hidden computer virus, which specifically attacks operating system processes. It usually hides itself in partitions, files or boot sectors and is capable of going unnoticed during antivirus or anti-malware scans, i.e., it can avoid detection intentionally.

Sunday, 9 April 2023

Types Of Hackers


Hackers can be classified into three different categories:

  1. Black Hat Hacker
  2. White Hat Hacker
  3. Grey Hat Hacker

Black Hat Hacker

Black hat hackers are also known as unethical hackers or security crackers. These people hack systems illegally to steal money or to achieve their own illegal goals. They find banks or other companies with weak security and steal money or credit card information. They can also modify or destroy the data. Black hat hacking is illegal.



White Hat Hacker

White hat hackers are also known as ethical hackers or penetration testers. White hat hackers are the good guys of the hacker world.

These people use the same techniques used by black hat hackers. They also hack systems, but they can only hack systems that they have permission to hack, in order to test the security of the system. They focus on security and protecting IT systems. White hat hacking is legal.



Gray Hat Hacker

Gray hat hackers are a hybrid between black hat hackers and white hat hackers. They can hack any system even if they don't have permission to test the security of the system, but they will never steal money or damage the system.

In most cases, they tell the administrator of that system. But their activity is also illegal because they test the security of systems that they do not have permission to test. Grey hat hacking is sometimes legal and sometimes not.

What is hacking?


Hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks. And while hacking might not always be for malicious purposes, nowadays most references to hacking, and hackers, characterize it/them as unlawful activity by cybercriminals—motivated by financial gain, protest, information gathering (spying), and even just for the “fun” of the challenge.