Social engineering uses human weakness or psychology to gain access to the system, data, and personal information, etc. It is the art of manipulating people. It doesn’t involve the use of technical hacking techniques. Attackers use new social engineering practices because it is usually easier to exploit the victim’s natural inclination to trust.
For example, it is much easier to fool someone to give their password instead of hacking their password. Sharing too much information on social media can enable attackers to get a password or extracts a company’s confidential information using the posts by the employees. This confidential information helped attackers to get the password of victim accounts.
How Social Engineering Attacks takes place?
Phishing scams are the most common types of Social Engineering attacks these days. Tools such as SET(Social Engineering Toolkit) also make it easier to create a phishing page but luckily many companies are now able to detect phishing such as Facebook. But it does not mean that you cannot become a victim of phishing because nowadays attackers are using iframe to manipulate detection techniques. The example of such hidden codes in pishing pages are cross-site-request-forgery “CSRF” which is an attack that forces an end user to execute unwanted actions on a web application.
Example: In 2018 we have seen a great rise in the use of ransomware which have been delivered alongside Phishing Emails. What an attacker does is they usually deliver an attachment with a subject like “Account Information” with the common file extension say .pdf/.docx/.rar etc. At which user generally click and the attacker’s job gets done here. This attack often encrypts the entire Disk or the documents and then to decrypt these files it requires cryptocurrency payment which is said to be “Ransom(money)”. They usually accept Bitcoin/Etherium as the virtual currency because of its non-traceable feature. Here are a few examples of social engineering attacks that are used to be executed via phishing:
- Banking Links Scams
- Social Media Link Scams
- Lottery Mail Scams
- Job Scams
- Timely monitor online accounts whether they are social media accounts or bank accounts, to ensure that no unauthorized transactions have been made.
- Check for Email headers in case of any suspecting mail to check its legitimate source.
- Avoid clicking on links, unknown files, or open email attachments from unknown senders.
- Beware of links to online forms that require personal information, even if the email appears to come from a source. Phishing websites are same of legitimate websites in looks.
- Adopt proper security mechanism such as spam filters, anti-virus software, and a firewall, and keep all systems updated, anti-keyloggers.
- Social Network API
- Appropriate usage of social networks
- Privacy and Security in online social media
- Futuristic Solution to Privacy and Security in online social media
- Design data structures for a very large social network like Facebook or Linkedln
- Virtual Private Network (VPN) | An Introduction
- Create a Virtual Machine and Set up API on Google Cloud
- Creating Python Virtual Environment in Windows and Linux
- Create a shared Folder between Host OS and Guest OS ( Virtual Box)
- 5 Mistakes That Every Engineering Student Must Avoid
- Impact going to be created by Augmented Reality and Virtual reality
- Why Internships are Important for Engineering Students or Freshers?
- How to Prepare for Amazon Software Development Engineering Interview?
- Virtual Reality vs Augmented Reality: What's the difference?
- Virtual Reality, Augmented Reality, and Mixed Reality
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to email@example.com. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.