Social engineering

Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. In cybercrime, these “human hacking” scams tend to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems.

Scams based on social engineering are built around how people think and act. As such, social engineering attacks are especially useful for manipulating a user’s behavior. Once an attacker understands what motivates a user’s actions, they can deceive and manipulate the user effectively.

Social Engineering Lifecycle:

1. Preparing the victim(s)

• Identifying the victim(s)
• Gathering information
• Choosing attack method(s)

2. Infiltrate

• Engaging the target group
• Spinning a story
• Establishing a relationship or initiating an interaction, starting by building trust

3. Obtaining the information/exploiting the victim(s)

• Executing the attack
• Expanding a foothold
• Disrupting the business

4. Closing the investigation

• Removing all traces of malware
• Covering tracks
• Bringing the investigation to a natural end

Social engineering types:

• Phishing attacks
• Baiting attacks
• Smishing attacks
• Impersonation
• Vishing attacks