Social Engineering Attacks: Difference between revisions
Appearance
Created page with "'''Social engineering attacks''' encompass malicious activities accomplished through human interactions. They rely on psychological manipulation to trick users into making sec..." |
m added Category:DNS Abuse using HotCat |
||
Line 16: | Line 16: | ||
==References== | ==References== | ||
[[Category:DNS Abuse]] |
Latest revision as of 16:00, 12 July 2021
Social engineering attacks encompass malicious activities accomplished through human interactions. They rely on psychological manipulation to trick users into making security mistakes or disclosing sensitive information.[1]
Common Types
- Baiting uses a false promise to arouse victims’ greed or curiosity to lure them into a trap for gathering their personal information or installing malware.
- Scareware inundates victims with false alarms about threats.
- Pretexting involves impersonating a person in a position of authority or familiarity and asking questions to confirm the victims’ identity.
- Phishing scams prod victims to reveal sensitive information, click on a link to a malicious website, or open an attachment that contains malware.[2]
Famous Cases
In October 2020, Kevin Mitnick wrote a blog post about the best-known attacks over the previous decade to remind his readers to be more careful.[3] His list included:
- 2013 Target Third-Party Breach (Phishing) [4]
- 2020 Twitter Bitcoin Scam (Pretexting, Baiting) [5]
- 2014 North Korea attack on Sony Pictures (Phishing)[6]
- 2016 US Presidential Election Email Leak (scareware, spearphishing) [7]
- 2013 Yahoo Customer Account Breach (phishing email)[8]
References
- ↑ Raising Security Awareness, ICANN Blog
- ↑ About Social Engineering, Imperva
- ↑ Top Five Social Engineering Attacks, Mitnick Security Blog
- ↑ Target Email Attack, Krebs on Security
- ↑ Twitter Bitcoin Scam, Mitnick Security Blog
- ↑ Sony Hack, Washington Post
- ↑ 2016 Pres Campaign Hacking, CNN
- ↑ Yahoo Hack, NY Times