What is Social Engineering?
Social engineering is a technique cybercriminals use to coax and trick people into giving away confidential information or money. These attackers rely on trust between two parties to steal personal information and commit cybercrimes.
Examples are many – emails, phones, or text messages coming from friends can coax individuals to act without checking. A cybercriminal might befriend an employee and get him to divulge company passwords. It may also be an email from a company ID asking for the password. A company executive may disclose the password without verifying the genuineness of such emails and put the entire business network at risk.
It is difficult to guard against social engineering attacks as it utilizes human behavior to catch the victim off guard.
Importance of Social Engineering Training
Social Engineering is a very effective form of cybercrime and can cause financial loss, a decline in employee morale, loss of productivity, and downtime. There is only one recourse – Train your employees.
Anvaya’s Social Engineering Training Services
At Anvaya, we have focused on building a focused Social Engineering Training program as we see thousands of instances of social engineering-driven crimes in businesses. and society.
Components of our training program are:
- Understanding the type of social engineering attacks
- Understanding how attackers play on emotions and human psychology
- Preventing tailgating and unauthorized access – physical as well as virtual
- Understanding your organization’s IT protocols – What your IT support team can access, the information they can ask, precautions the employee must use, etc.
- Best practices for setting passwords.
- How to not become a victim
9 Techniques of Social Engineering Attacks
Social engineering attacks happen with nine common techniques:
| Phishing
Phishing refers to tactics such as deceptive emails, cloned websites, phone calls, and text messages to steal personally identifiable, financial, and confidential information. It is challenging to catch phishing attackers as they hide behind the same emails, phone devices, and websites they use to carry out attacks. |
Spear Phishing
A slightly variant form of phishing, spear phishing, refers to email-based phishing attacks against specific targets. |
Baiting
As the name suggests, cybercriminals use baits or rewards to lure the targets—for instance, a promise of a free coupon or download in exchange for personal information. Then the same information is used to launch focused attacks. |
| Water-holing
Water-holding targets a group of websites visited by users. The crime utilizes a vulnerability in the website to infect the website with malware and attack the targeted users. |
Vishing
Voicemail-based phishing is now common as well. The criminal asks the users to reset their bank information or gives a number to call back or lures the target away from the home to execute a physical or a virtual attack. |
Pretexting
Pre-texting means that the user knows a certain pre-text. For instance, SIM Cloners may ask the user about the service experience post changing or upgrading a SIM. They know that the target upgraded the SIM recently. On the pretext of improving the quality of service, they may ask for OTPs and use them to clone the SIM. By the time the target understands what has transpired, many financial crimes are committed. |
| Quid Pro-Quo
This term refers to getting the victim to provide information in exchange for a benefit or service—for instance, impersonation of an IT support agent to obtain login credentials while supporting a minor ticket. |
Malware
In malware attacks, cybercriminals trick victims into believing that there is a virus or malware on their computer, and if they pay, they can have it removed. Malware attacks can be used to commit multiple crimes. |
Tailgating
Tailgaiting is a physical, social engineering attack technique that relies on trust to get physical access to a secure area. |
