PowerDMARC

Types of Social Engineering Attacks in 2022

Social Engineering Attacks

Social Engineering Attacks

Before diving into the types of social engineering attacks that victims fall prey to on a daily basis, along with upcoming attacks that have taken the internet by a storm, let’s first briefly get into what social engineering is all about. 

To explain it in layman’s terms, social engineering refers to a cyberattack deployment tactic where threat actors use psychological manipulation to exploit their victims and defraud them.

Social Engineering: Definition and Examples

What is a social engineering attack?

As opposed to cybercriminals hacking into your computer or email system, social engineering attacks are orchestrated by trying to influence a victim’s opinions into manoeuvering them to expose sensitive information. Security analysts have confirmed that more than 70% of cyberattacks that take place on the internet on an annual basis are social engineering attacks.

Social Engineering Examples

Take a look at the example shown below:

 

Here we can observe an online advertisement luring the victim in with a promise to earn $1000 per hour. This ad contains a malicious link that can initiate a malware installation on their system. 

This type of attack is commonly known as Online Baiting or simply Baiting, and is a form of social engineering attack. 

Given below is another example:

As shown above, social engineering attacks can also be perpetrated using email as a potent medium. A common example of this is a Phishing attack. We would be getting into these attacks in more detail, in the next section.

Types of Social Engineering Attacks

1. Vishing & Smishing

Suppose today you get an SMS from your bank (supposedly) asking you to verify your identity by clicking on a link, or else your account will be deactivated. This is a very common message that is often circulated by cybercriminals to fool unsuspecting people. Once you click on the link you are redirected to a spoofing page that demands your banking information. Rest assured that if you end up providing your bank details to attackers they will drain your account. 

Similarly, Vishing or Voice phishing is initiated through phone calls instead of SMS.

2. Online Baiting / Baiting 

We come across a range of online advertisements every single day while browsing websites. While most of them are harmless and authentic, there might be a few bad apples hiding in the lot. This can be identified easily by spotting advertisements that seem too good to be true. They usually have ridiculous claims and lures such as hitting the jackpot or offering a huge discount.

Remember that this may be a trap (aka a bait). If something appears too good to be true, it probably is. Hence it is better to steer clear of suspicious ads on the internet, and resist clicking on them.

3. Phishing

Social engineering attacks are more often than not carried out via emails, and are termed Phishing. Phishing attacks have been wreaking havoc on a global scale for almost as long as email itself has existed. Since 2020, due to a spike in email communications, the rate of phishing has also shot up, defrauding organizations, large and small, and making headlines every day. 

Phishing attacks can be categorized into Spear phishing, whaling, and CEO fraud, referring to the act of impersonating specific employees within an organization, decision-makers of the company, and the CEO, respectively.

4. Romance scams

The  Federal Bureau of Investigation (FBI) defines internet romance scams as “ scams that occur when a criminal adopts a fake online identity to gain a victim’s affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim.” 

Romance scams fall under the types of social engineering attacks since attackers use manipulative tactics to form a close romantic relationship with their victims before acting on their main agenda: i.e. scamming them. In 2021, Romance scams took the #1 position as the most financially damaging cyberattack of the year, closely followed by ransomware.

5. Spoofing

Domain spoofing is a highly evolved form of social engineering attack. This is when an attacker forges a legitimate company domain to send emails to customers on behalf of the sending organization. The attacker manipulates victims into believing that the said email comes from an authentic source, i.e. a company whose services they rely on. 

Spoofing attacks are hard to track since emails are sent from a company’s own domain. However, there are ways to troubleshoot it. One of the popular methods used and recommended by industry experts is to minimize spoofing with the help of a DMARC setup.

6. Pretexting

Pretexting can be referred to as a predecessor of a social engineering attack. It is when an attacker weaves a hypothetical story to back his claim of sensitive company information. In most cases pretexting is carried out via phone calls, wherein an attacker impersonates a customer or employee, demanding sensitive information from the company. 

What is a common method used in social engineering?

The most common method used in social engineering is Phishing. Let’s take a look at some statistics to better understand how Phishing is a rising global threat:

How to protect yourself from Social Engineering attacks?

Protocols and tools you can configure: 

Personal measures you can take:

Exit mobile version