Social Engineering Attacks

From ICANNWiki
Revision as of 16:00, 12 July 2021 by Jessica (talk | contribs) (added Category:DNS Abuse using HotCat)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Social engineering attacks encompass malicious activities accomplished through human interactions. They rely on psychological manipulation to trick users into making security mistakes or disclosing sensitive information.[1]

Common Types

  • Baiting uses a false promise to arouse victims’ greed or curiosity to lure them into a trap for gathering their personal information or installing malware.
  • Scareware inundates victims with false alarms about threats.
  • Pretexting involves impersonating a person in a position of authority or familiarity and asking questions to confirm the victims’ identity.
  • Phishing scams prod victims to reveal sensitive information, click on a link to a malicious website, or open an attachment that contains malware.[2]

Famous Cases

In October 2020, Kevin Mitnick wrote a blog post about the best-known attacks over the previous decade to remind his readers to be more careful.[3] His list included:

  1. 2013 Target Third-Party Breach (Phishing) [4]
  2. 2020 Twitter Bitcoin Scam (Pretexting, Baiting) [5]
  3. 2014 North Korea attack on Sony Pictures (Phishing)[6]
  4. 2016 US Presidential Election Email Leak (scareware, spearphishing) [7]
  5. 2013 Yahoo Customer Account Breach (phishing email)[8]

References

  1. Raising Security Awareness, ICANN Blog
  2. About Social Engineering, Imperva
  3. Top Five Social Engineering Attacks, Mitnick Security Blog
  4. Target Email Attack, Krebs on Security
  5. Twitter Bitcoin Scam, Mitnick Security Blog
  6. Sony Hack, Washington Post
  7. 2016 Pres Campaign Hacking, CNN
  8. Yahoo Hack, NY Times
Retrieved from "https://icannwiki.org/index.php?title=Social_Engineering_Attacks&oldid=1325956"