Social engineering exploits human weakness and psychology to gain access to systems, data, and personal information. It is the art of manipulating people and does not involve technical hacking techniques. Attackers keep adopting new social engineering practices because it is usually easier to exploit the victim’s natural inclination to trust.
For example, it is much easier to fool someone into giving up their password than to hack it. Sharing too much information on social media can enable attackers to get a password or extract a company’s confidential information from posts made by its employees. This confidential information helps attackers get the passwords of victims’ accounts.
How Do Social Engineering Attacks Take Place?
Phishing scams are the most common type of social engineering attack these days. Tools such as SET (Social-Engineer Toolkit) also make it easier to create a phishing page, but luckily many companies, such as Facebook, are now able to detect phishing. That does not mean you cannot become a victim of phishing, because attackers nowadays use iframes to evade detection techniques. An example of such hidden code in phishing pages is cross-site request forgery (“CSRF”), an attack that forces an end user to execute unwanted actions on a web application.
Example: 2018 saw a great rise in ransomware delivered alongside phishing emails. The attacker usually sends an attachment with a subject like “Account Information” and a common file extension such as .pdf, .docx, or .rar. The user generally clicks on it, and the attacker’s job is done. The attack often encrypts the entire disk or the documents, and decrypting these files requires a cryptocurrency payment, known as the “ransom”. Attackers usually accept Bitcoin or Ethereum as the virtual currency because of its non-traceable feature.
Here are a few examples of social engineering attacks that are executed via phishing:
- Banking Links Scams
- Social Media Link Scams
- Lottery Mail Scams
- Job Scams
The following measures help prevent these attacks:
- Regularly monitor online accounts, whether social media accounts or bank accounts, to ensure that no unauthorized transactions have been made.
- Check the email headers of any suspicious mail to verify that it comes from a legitimate source.
- Avoid clicking on links, opening unknown files, or opening email attachments from unknown senders.
- Beware of links to online forms that require personal information, even if the email appears to come from a legitimate source. Phishing websites look the same as legitimate websites.
- Adopt proper security mechanisms such as spam filters, anti-virus software, anti-keyloggers, and a firewall, and keep all systems updated.