Social Engineering: An Introduction

Social engineering is a term used to encompass a broad range of malicious activities accomplished through human interaction. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

Social engineering attacks happen in one or more steps. A perpetrator first studies the intended victim to gather the background information needed to advance the attack, such as possible points of entry and weak security protocols. The attacker then moves to gain the victim’s trust and provides stimuli for subsequent actions that break security practices, such as revealing sensitive information or giving away access to critical resources.

What makes social engineering dangerous is that it depends on human error rather than on weaknesses in software and operating systems. Mistakes made by legitimate users are much less predictable, making them harder to identify and thwart than a malware-based intrusion.

Social engineering attacks come in many different forms and can be performed anywhere human interaction is involved. The following are the five most common forms of digital social engineering attack. Let’s take a look at the techniques used to achieve malicious ends.

Baiting

As its name implies, baiting attacks use a false promise to pique a victim’s greed or curiosity. They lure users into a trap that steals their personal information or infects their systems with malware.

Scareware

Scareware involves victims being bombarded with false alarms and fictitious threats. Users are deceived into thinking their system is infected with malware, encouraging them to install software that has no real benefit (other than to the perpetrator) or is malware itself. Scareware is also referred to as deception software, rogue scanner software and fraudware.

Pretexting

Here an attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a perpetrator pretending to need sensitive information from a victim to perform a critical task.

Phishing

As one of the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. The message then prods them into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.

Spear phishing

This is a more targeted version of the phishing scam, in which an attacker chooses specific individuals or enterprises. They then tailor their messages to the characteristics, job positions and contacts of their victims to make the attack less conspicuous. Spear phishing requires much more effort on the part of the perpetrator and may take weeks or months to pull off. Such attacks are much harder to detect and have better success rates if done skilfully.

