Social engineering, Phishing

The simple, yet complex nature of social engineering

September 27, 2021
Today’s columnist, Andrey Barashkov of DataArt, says that hackers will continue to impersonate popular brands such as Amazon, but continued vigilance and employee education can help companies mitigate many of these attacks. (Photo by David Ryder/Getty Images)
  • Personal information theft (names, addresses, or social security numbers).
  • A redirect to suspicious websites that host phishing landing pages.
  • Manipulation to take immediate action (by incorporating threats or fear into a phishing scam).
  • Vishing and smishing. These phishing campaigns follow up an email with a fraudulent phone call or SMS/text message. An attacker pressures a victim in real time to click on the phishy email, which activates the virus.
  • Baiting. Puts something desirable in front of targets to coax them into the social engineering trap. A simple example: handing employees free USB drives that, once loaded, activate malicious software.
  • Evil twin. This type of attack uses a fake Wi-Fi hotspot that looks legitimate but can intercept data during transfer. This approach makes it easy to collect confidential data that is transferred during the connection.
  • Scareware. Fraudsters create pop-up banners with a security warning. This kind of attack plays on human fears and lures you into visiting malicious websites.