wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

Social Engineering Deceptions and Defenses

profile
Harshkumar Koladiya
Oct 04, 2022
2 Likes
0 Discussions
171 Reads

Social engineering is the act of exploiting people. It can be done by speaking with someone in person, by phone, email, or other means. The goal of a social-engineering attack is often to get a person to do something that they wouldn't normally do (like divulge information). It's called social engineering because the attacker works on engineering human beings.  Social engineering attacks use human interaction and information gathering techniques. Social engineering attacks involve manipulating people into performing actions or divulging confidential information that will give the attacker access to information or a system they are not supposed to have access to. While social engineering attacks are often perpetrated by hackers, anyone can fall victim to them, including employees and members of the public. Here’s what you need to know about social engineering and how to protect yourself from them as best you can.

 

The social engineering attacks can be grouped into three types:

Human-based - These include scams that rely on deception or manipulation techniques like phishing, confidence tricks, phone impersonation (Vishing), security breaches using insider knowledge such as a hacker accessing a victim's computers with their credentials for a financial institution (Credential Harvesting), or any attack where the target relies on his or her judgment in doing business. An example is when callers pretend to be from Microsoft Tech Support but you find out later they are really not.

Mobile-based - These involve attacks targeting wireless networks by exploiting weaknesses in wireless protocols and encryption systems such as Wi-Fi, Bluetooth, GPS location data transmission, near field communication (NFC) technology, radio frequency identification (RFID) tags used to track inventory. These attacks can take place while browsing the web or even at retail stores scanning items you may want to purchase through your smart phone.

Computer-based - These are primarily aimed at compromising personal data stored on personal computers including home networks. Attackers might access databases containing credit card numbers or other sensitive information about victims stored locally by exploiting software vulnerabilities or even cracking passwords offline by guessing them one character at a time until it matches what has been typed so far or eventually finding a match.

 

The different types of social engineering attacks with Example:

Phishing: The act of sending someone an email that looks authentic but is actually a scam designed to steal information. Example: You receive an email from your bank that asks you for your account number, even though you didn't log in recently or give permission for the company to have it.

Malware Attack: The act of using malicious software like viruses or spyware on the target system, usually without their knowledge. Example: You get a pop-up asking you if you want it scan your computer for malware.

DDoS Attack: A Distributed Denial of Service attack is when more than one system attacks one system with requests at the same time, shutting it down. An example would be when one user starts a fire by setting off fireworks inside another person's house.

Spearphishing: Similar to phishing, except they're targeting a specific person instead of just trying to fool whoever they can into clicking on something dangerous. They may use information they find about the person (i.e., job title) to create messages that seem more believable so they'll click on them and share sensitive information with them. An example would be if someone pretended to be your boss and sent you an email telling you that you needed to provide some personal financial info about yourself because there was an issue with your paycheck this month.

 

Countermeasures:

  • You should deploy a good security policy in your organization and conduct required trainings to make all the employees aware of the possible Social Engineering attacks and their consequences.
  • Document shredding should be a mandatory activity in your company.
  • Make double sure that any links that you receive in your email is coming from authentic sources and that they point to correct websites. Otherwise you might end up as a victim of Phishing.
  • Be professional and never share your ID and password with anybody else in any case.
  • Using updated antivirus, anti-phishing tools.
  • Monitoring and auditing.

Comments ()


Sign in

Read Next

Improving the Accuracy of GPS and GNSS

Blog banner

What does the Australian summer have in store for your oral health?

Blog banner

5 People who claimed to have Time Traveled

Blog banner

Malware Defense

Blog banner

From Model Mistakes to Metrics

Blog banner

Record Blocking

Blog banner

Understanding E-mail Servers

Blog banner

Famous Indian dishes that where misunderstood to be Indian

Blog banner

COMPUTER FORENSICS AND GRAPHICS

Blog banner

What Your Child Learns During Free Play (That You Might Not Notice)

Blog banner

Clarizen

Blog banner

Hash password! Is it really secured?

Blog banner

1.1 basic elements

Blog banner

How to Plan a Week of Healthy Meals Without Stress

Blog banner

ASANA- A Management System.

Blog banner

BIRYANI ! The history you never knew about

Blog banner

Types Of scheduling

Blog banner

21ST CENTURY PATRIARCHY

Blog banner

Efficiency of SQL Injection Method in Preventing E-Mail Hacking

Blog banner

Multicore and Multithreading

Blog banner

Data-Driven Prediction of Virtual Item Prices in Online Games

Blog banner

My First Dream Bike

Blog banner

Cyber Security in Data Breaching

Blog banner

RAID

Blog banner

Mariana Trench: The deepest depths

Blog banner

Ubiquitous Computing

Blog banner

Data Security and Data Privacy in Data Science

Blog banner

Deadlock and Starvation

Blog banner

10 Unknown facts about India's Independence

Blog banner

Embaded operating system

Blog banner

Yoga in INDIA and ABROAD

Blog banner

Functions of Operating System

Blog banner

How Social Media Algorithms Will Work in 2026?

Blog banner

Diwali

Blog banner

Multiprocessor and Multicore Organization

Blog banner

Predictive Analysis - Ek Overview

Blog banner

The Role of Cyber Forensics in Criminology

Blog banner

Facebook Shut Down an AI Program!!! Facebook AI bots became Terminators???

Blog banner

Heart Fulness Meditation

Blog banner

Are Social Media Paid Campaigns Worth It?

Blog banner

How to Conquer Depression ?

Blog banner

What is HTML?

Blog banner