Social Engineering Attacks

Social engineering attacks encompass malicious activities accomplished through human interactions. They rely on psychological manipulation to trick users into making security mistakes or disclosing sensitive information.[1]

Common Types

  • Baiting uses a false promise to play on the victim's greed or curiosity, luring them into a trap that harvests their personal information or installs malware.
  • Scareware bombards victims with false alarms about supposed threats.
  • Pretexting involves impersonating someone in a position of authority or familiarity and asking questions that ostensibly serve to confirm the victim's identity.
  • Phishing scams prod victims into revealing sensitive information, clicking a link to a malicious website, or opening an attachment that contains malware.[2]

Famous Cases

In October 2020, Kevin Mitnick wrote a blog post about the best-known attacks over the previous decade to remind his readers to be more careful.[3] His list included:

  1. 2013 Target Third-Party Breach (phishing) [4]
  2. 2020 Twitter Bitcoin Scam (pretexting, baiting) [5]
  3. 2014 North Korea attack on Sony Pictures (phishing) [6]
  4. 2016 US Presidential Election Email Leak (scareware, spear phishing) [7]
  5. 2013 Yahoo Customer Account Breach (phishing email) [8]

References