Social Engineering Attacks
Social engineering attacks encompass malicious activities accomplished through human interactions. They rely on psychological manipulation to trick users into making security mistakes or disclosing sensitive information.[1]
Common Types
- Baiting uses a false promise to arouse victims’ greed or curiosity to lure them into a trap for gathering their personal information or installing malware.
- Scareware inundates victims with false alarms about threats.
- Pretexting involves impersonating a person in a position of authority or familiarity and asking questions to confirm the victims’ identity.
- Phishing scams prod victims to reveal sensitive information, click on a link to a malicious website, or open an attachment that contains malware.[2]
Famous Cases
In October 2020, Kevin Mitnick wrote a blog post about the best-known attacks over the previous decade to remind his readers to be more careful.[3] His list included:
References
- ↑ Raising Security Awareness, ICANN Blog
- ↑ About Social Engineering, Imperva
- ↑ Top Five Social Engineering Attacks, Mitnick Security Blog
- ↑ Target Email Attack, Krebs on Security
- ↑ Twitter Bitcoin Scam, Mitnick Security Blog
- ↑ Sony Hack, Washington Post
- ↑ 2016 Pres Campaign Hacking, CNN
- ↑ Yahoo Hack, NY Times