
Types of Social Engineering Attacks in 2022


Before diving into the types of social engineering attacks that victims fall prey to on a daily basis, along with upcoming attacks that have taken the internet by storm, let’s first briefly get into what social engineering is all about.

To explain it in layman’s terms, social engineering refers to a cyberattack deployment tactic where threat actors use psychological manipulation to exploit their victims and defraud them.

Social Engineering: Definition and Examples

What is a social engineering attack?

As opposed to cybercriminals hacking into your computer or email system, social engineering attacks are orchestrated by influencing a victim’s opinions and manoeuvring them into exposing sensitive information. Security analysts have confirmed that more than 70% of cyberattacks that take place on the internet on an annual basis are social engineering attacks.

Social Engineering Examples

Take a look at the example shown below:

[Image: types of social engineering]

Here we can observe an online advertisement luring the victim in with a promise to earn $1000 per hour. This ad contains a malicious link that can initiate a malware installation on their system. 

This type of attack is commonly known as Online Baiting or simply Baiting, and is a form of social engineering attack. 

Given below is another example:

[Image: types of social engineering]

As shown above, social engineering attacks can also be perpetrated using email as a potent medium. A common example of this is a Phishing attack. We will cover these attacks in more detail in the next section.

Types of Social Engineering Attacks

1. Vishing & Smishing

Suppose today you get an SMS, supposedly from your bank, asking you to verify your identity by clicking on a link, or else your account will be deactivated. This is a very common message that is often circulated by cybercriminals to fool unsuspecting people, and it is known as Smishing (SMS phishing). Once you click on the link you are redirected to a spoofed page that demands your banking information. Rest assured that if you end up providing your bank details to attackers they will drain your account.

Similarly, Vishing or Voice phishing is initiated through phone calls instead of SMS.

2. Online Baiting / Baiting 

We come across a range of online advertisements every single day while browsing websites. While most of them are harmless and authentic, there might be a few bad apples hiding in the lot. These can be identified easily by spotting advertisements that seem too good to be true. They usually have ridiculous claims and lures such as hitting the jackpot or offering a huge discount.

Remember that this may be a trap (aka a bait). If something appears too good to be true, it probably is. Hence it is better to steer clear of suspicious ads on the internet, and resist clicking on them.

3. Phishing

Social engineering attacks are more often than not carried out via emails, and are termed Phishing. Phishing attacks have been wreaking havoc on a global scale for almost as long as email itself has existed. Since 2020, due to a spike in email communications, the rate of phishing has also shot up, defrauding organizations, large and small, and making headlines every day. 

Phishing attacks can be categorized into spear phishing, whaling, and CEO fraud, which refer to impersonating specific employees within an organization, decision-makers of the company, and the CEO, respectively.

4. Romance scams

The Federal Bureau of Investigation (FBI) defines internet romance scams as “scams that occur when a criminal adopts a fake online identity to gain a victim’s affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim.”

Romance scams fall under the types of social engineering attacks since attackers use manipulative tactics to form a close romantic relationship with their victims before acting on their main agenda, i.e. scamming them. In 2021, romance scams took the #1 position as the most financially damaging cyberattack of the year, closely followed by ransomware.

5. Spoofing

Domain spoofing is a highly evolved form of social engineering attack. This is when an attacker forges a legitimate company domain to send emails to customers on behalf of the sending organization. The attacker manipulates victims into believing that the said email comes from an authentic source, i.e. a company whose services they rely on. 

Spoofing attacks are hard to track since the emails appear to be sent from a company’s own domain. However, there are ways to counter them. One of the popular methods used and recommended by industry experts is to minimize spoofing with the help of a DMARC setup.

6. Pretexting

Pretexting can be referred to as a predecessor of a social engineering attack. It is when an attacker weaves a hypothetical story to back their claim to sensitive company information. In most cases pretexting is carried out via phone calls, wherein an attacker impersonates a customer or employee, demanding sensitive information from the company.

What is a common method used in social engineering?

The most common method used in social engineering is Phishing. Let’s take a look at some statistics to better understand how Phishing is a rising global threat:

  • The 2021 Cybersecurity Threat Trends report by Cisco highlighted that a whopping 90% of data breaches take place as a result of phishing
  • IBM, in its Cost of a Data Breach Report of 2021, named phishing the most financially costly attack vector
  • With each year, the rate of phishing attacks has been found to increase by 400%, as reported by the FBI

How to protect yourself from Social Engineering attacks?

Protocols and tools you can configure: 

  • Deploy email authentication protocols such as SPF, DKIM, and DMARC at your organization. Start by creating a free DMARC record today with our DMARC record generator.
  • Enforce your DMARC policy at p=reject to minimize direct domain spoofing and email phishing attacks
  • Make sure your computer system is protected with the help of antivirus software

Personal measures you can take:

  • Raise awareness in your organization against common types of social engineering attacks, attack vectors, and warning signs
  • Educate yourself regarding attack vectors and types. Visit our knowledge base, enter “phishing” in the search bar, hit enter, and start learning today!  
  • Never submit confidential information on external websites
  • Enable caller identification applications on your mobile device
  • Always remember that your bank will never ask you to submit your account information and password via email, SMS, or call
  • Always recheck the From address and Return-Path address of your emails to ensure that they match
  • Never click on suspicious email attachments or links before being 100% sure about the authenticity of their source
  • Think twice before trusting people you interact with online and do not know in real life
  • Do not browse websites that are not secured over an HTTPS connection (e.g. http://domain.com)
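
The From and Return-Path comparison from the list above can be automated for a saved message. The following is an added example, not part of the original article; the function names and both sample messages are constructed, and the subdomain test is a simplification of real domain alignment.

```python
# Added example: compare the From and Return-Path domains of a raw message.
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value: str) -> str:
    """Return the lower-cased domain of the address in a header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_sender(raw_message: str) -> list:
    """Return warnings about the visible sender; an empty list means nothing was flagged."""
    msg = message_from_string(raw_message)
    from_header = msg.get("From", "")
    display_name, _ = parseaddr(from_header)
    from_dom = domain_of(from_header)
    rp_dom = domain_of(msg.get("Return-Path", ""))
    warnings = []
    if not from_dom:
        warnings.append("From header has no usable address")
    if not rp_dom:
        warnings.append("Return-Path is empty or missing")
    elif from_dom and from_dom != rp_dom:
        # Simplification (assumption): a subdomain relation stands in for relaxed alignment
        related = from_dom.endswith("." + rp_dom) or rp_dom.endswith("." + from_dom)
        kind = "related subdomain" if related else "mismatch"
        warnings.append(f"{kind}: From={from_dom} Return-Path={rp_dom}")
    # A display name that itself looks like an address from another domain
    shown = domain_of(display_name) if "@" in display_name else ""
    if shown and shown != from_dom:
        warnings.append(f"display name shows {shown}, real sender is {from_dom}")
    return warnings

# Constructed sample messages using reserved placeholder domains.
LEGIT = ("Return-Path: <bounces@bank.example>\n"
         "From: Bank Alerts <alerts@bank.example>\n"
         "Subject: Your statement\n\nHello\n")
SPOOF = ("Return-Path: <bounce@mailer.invalid>\n"
         'From: "support@bank.example" <alerts@bank-secure.invalid>\n'
         "Subject: Verify your account\n\nClick here\n")

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoof", SPOOF)):
        print(name, "->", check_sender(raw) or "no warnings")
```

A mismatch is a signal to look closer rather than proof of fraud, since legitimate bulk senders often use a separate bounce domain in Return-Path.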

Syuzanna Papazyan
Syuzanna works as a Visual Designer at PowerDMARC.
She is an artistic person with innovative ideas and designs.
April 1, 2022/by Syuzanna Papazyan
Tags: baiting, online baiting, social engineering, social engineering definition, social engineering examples, types of social engineering, what is a common method used in social engineering