Social Engineering Attacks

From ICANNWiki

Social engineering attacks encompass malicious activities accomplished through human interactions. They rely on psychological manipulation to trick users into making security mistakes or disclosing sensitive information.[1]

Common Types

  • Baiting uses a false promise to arouse victims’ greed or curiosity, luring them into a trap that gathers their personal information or installs malware.
  • Scareware inundates victims with false alarms about threats.
  • Pretexting involves impersonating a person in a position of authority or familiarity and asking questions ostensibly needed to confirm the victim’s identity.
  • Phishing scams prod victims to reveal sensitive information, click on a link to a malicious website, or open an attachment that contains malware.[2]

Famous Cases

In October 2020, Kevin Mitnick wrote a blog post about the best-known attacks over the previous decade to remind his readers to be more careful.[3] His list included:

  1. 2013 Target Third-Party Breach (Phishing)[4]
  2. 2020 Twitter Bitcoin Scam (Pretexting, Baiting)[5]
  3. 2014 North Korea attack on Sony Pictures (Phishing)[6]
  4. 2016 US Presidential Election Email Leak (Scareware, Spearphishing)[7]
  5. 2013 Yahoo Customer Account Breach (Phishing email)[8]