Forms of Social Engineering

Social engineering is a scam that uses psychological manipulation to extract information from people.

Using these methods, cybercriminals try to manipulate victims and get these people to do what they want.

Its purpose is usually to obtain confidential information or access the computer equipment of the victims.

Social engineering can take many forms, and technological advances mean that new types appear from time to time.

Within social engineering, we can distinguish two groups:

Hunting: These attacks seek to affect the most significant number of users with the least possible exposure. With a single communication (e.g. Phishing).

Farming: the aim is to maintain the deception for as long as possible, trying to obtain a large amount of information (e.g. coercing the victim with a supposedly intimate video or deleting their company data).

The Most Used Forms of Social Engineering are the Following:

Phishing

It is one of the most well-known and currently used forms of social engineering.

It usually consists of email or text messages impersonating some authority figure, bank, public body, etc., to obtain specific information.

They pose as one of these figures and usually convey a sense of urgency to cause the victim to act without thinking, having to work immediately.

The information they pursue can be your username and password, the number and passwords of your bank account.

ALSO READ : BEST EXTENSIONS FOR YOUR BROWSER

Spear Phishing

In this case, the attack is direct at the employees of a particular company or organization.

The cybercriminal investigates the interests of an employee through the information provided by the searches they do on the Internet and their profiles on social networks.

Once it knows the victim. It starts sending them emails on topics they might be interested in to get them to click on a malicious link.

If it succeeds, the malicious software is installed on the computer and can quickly spread to other computers within the company network.

ALSO READ : PASSWORD MANAGER

Vishing

Through telephone calls and supplanting some organization or service company, the aim is to deceive the victim to obtain certain private information.

Smishing

The target receives a text message asking them to click on a link or download an app. Doing so can download malware to your mobile phone that can capture your personal information.

Social Network Scams

They try to develop the trust of their sufferers and trick them by creating fake profiles.

Baiting

It consists of leaving external memories with some malware in a specific place so that someone can find it and infect your computer when inserting the pen drive.

ALSO READ : GOOGLE EVENT 2022

Shoulder Surfing

The cybercriminal spies over the Shoulder of a careless user to see the unlock pattern, pin or some password they are typing.

Tailgating

Pretending to have lost the access card and using someone’s solidarity. They manage to enter a restricted area or organization without authorization.

Dumpster Diving

However. It is about searching through the garbage for documents or papers with personal or financial information that the victim has thrown away.

ALSO READ : CINEMA AND TECHNOLOGY

Pretexting

They pose, for example, as a computer support employee of the company where the victim works.

Using a pretext. Such as the need to install software on your computer, you can take control of that computer and take the opportunity to install some malicious program.

However. In the face of these attacks. The best advice to apply is common sense and to ensure the origin of the messages. Calls, etc., before carrying out any action that could compromise your data.