Social engineering is a cybersecurity umbrella term covering all types of attacks that use human interaction and social skills to obtain or access information that can be used to attack and harm an individual or organization. The attacker plays on several human emotions and emotional tactics to entice a response from the victim. A social engineering email may seem respectful, urgent, demanding, or helpful and play on emotions like greed, curiosity, or fear. Some of the social engineering types are:
Phishing uses fraudulent or deceitful emails that contain infected links and appear to be from reputable and trusted sources. The purpose is to lure victims into opening an infected attachment or link. The threat actors may appear to be from within the company or from outside sources. There are several types of phishing techniques, including:
Spear phishing targets a victim by collecting information from online sources or social media to masquerade as a known sender. An example is an email from a “restaurant” saying that you have received a coupon, which needs to be downloaded by opening an attachment.
Whaling, as the name suggests, is used to target high-level or C-level employees like CEOs and CTOs. The “bigger fish” are targeted using the same social engineering techniques.
Vishing is a social engineering technique that uses voice communication, such as cold calls or call center schemes, to attack victims. It also includes luring the victim into calling a number and divulging their personal information. Broadcasting the service or using VoIP (Voice over Internet Protocol) also helps exploit the victims, as the caller ID can be changed, and takes advantage of the mistrust the public has in landline services.
Smishing is a social engineering technique that utilizes SMS or text communication. Emails contain links to email addresses, webpages, or phone numbers that can automatically open an email or browser window or dial a number. Modern smishing techniques have a high success rate.
As the name suggests, baiting includes enticing the victim with free giveaways. Some cybercriminals use discount offers, free gifts, or coupons to trick the victim into engaging.
Examples of highly successful or popular phishing attempts are the Nigerian prince, 419, or advance-fee scams.