Social engineering is widely used by malware creators and cybercriminals due to its high efficiency in deceiving users. It is when malicious code writers and other types of attackers prepare specific deception tactics that they begin to use social engineering. The more authentic the message, the more credible the source, and the more gullible the user, the more likely an attacker will achieve their goal and spread malware.
TYPES OF SOCIAL ENGINEERING ATTACKS.
PHISHING: This social engineering attack consists of impersonating a person, company or institution so that the victim can trust and act by clicking on it or providing us with important information. This technique is even more dangerous when directed at specific targets, such as employees who have access to multiple organizational systems. In this case, the attack is called spear phishing. Bank phishing and executive CEO fraud are among the most common and often involve identity theft.
SEXTORSION: This social engineering attack consists of blackmailing victims to send money to the person carrying out the attack in exchange for not sharing harmful images or videos on the Internet. Sometimes they have such
leaks, but in many cases it is a lie or a trap.
SMISHING: This social engineering attack consists of sending text messages (SMS) with malicious links to obtain private information. This technique is very effective (for criminals) because people tend to trust text messages more than emails. Social engineers usually send a text message explaining that if you don't click on a link and
enter your personal information, you will engage in certain negative activity. Therefore, it is important not to respond to SMS or click on any links unless we know the previous number and wait for the
previous information. Always compare all text messages with the link in the
sender.
VISHING: This social engineering attack involves impersonating a trusted source over the phone to trick victims into providing their personal data for supposed security reasons.
Here's how it works: First, the victim receives a text message, supposedly from a financial institution, saying that someone is illegally using their bank account or that a problem (usually urgent) needs to be resolved. Immediately afterwards, the victim received a call from the alleged operator requesting his personal and banking information.
Read also: steps to avoid Social Engineering
Reference.
