Social Engineering Attacks

Solutions to Defend Against Social Engineering, Phishing, CEO Fraud....

Social Engineering Defined

Social engineering refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme. Social engineering is often associated with phishing, social website scraping and watering hole attacks.

Step 1: Reconnaissance: Harvest information for targeted attacks

  • Harvested information makes social engineering the first step of most sophisticated multi-step attacks. Complex campaigns such as advanced persistent threats (APTs), CEO fraud, cryptocurrency theft, and any targeted cyber-attack use social engineering as their opening move.
  • Frequent reconnaissance methods include:
    • Harvesting information from social websites: Facebook, Twitter, LinkedIn, Public posts online by your company, partner companies, vendors, news organizations, member associations etc.
    • Communicating with employees by email, text messaging, or phone to gather targeted information
    • Stealing personal information from your PC, smart phone or company servers
  • Once this information is in hand, a targeted attack on individuals can be initiated that causes the victim to perform the desired behavior.

Step 2: Cause individuals to initiate a particular behavior, leveraging what the attacker learned from harvested information.

This behavior results in an infection that becomes the next step in the cyber-attack process. Frequent attack methods that leverage harvested information include spear phishing, CEO fraud, and watering hole attacks. Actions elicited from individuals that lead to infection or loss include:

  • Clicking an email link that leads to an infected website
  • Opening an email attachment that exploits a software flaw and infects the computer
  • Visiting a particular infected website, frequently with a request to enter login credentials or private information
  • Acting on an unauthorized but familiar-looking request to send money or confidential information to a third party or bank (CEO fraud), crafted from what the attacker knows about normal internal transactions.
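The CEO fraud and spear phishing requests described above leave recognizable traces in the email itself: an executive's display name on an external address, a lookalike sender domain, a Reply-To that points somewhere else, and urgency or wire-transfer language. The following added example (not code from this page or its vendor) scores inbound messages against those indicators so that suspicious ones can be routed for review. The internal domain `example.com`, the executive names, the two sample messages and the scoring thresholds are all constructed for illustration.

```python
"""Heuristic triage of inbound email for CEO-fraud and spear-phishing indicators.
Added example; the domain, names, samples and thresholds below are assumptions."""
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"            # assumed: the organisation's own mail domain
EXECUTIVES = {"jane doe", "john smith"}    # assumed: names commonly impersonated in CEO fraud
URGENCY = re.compile(
    r"\b(urgent|immediately|asap|wire|transfer|gift card|confidential)\b", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _text_of(msg) -> str:
    """Collect the text/plain content of a message, whether single-part or multipart."""
    if not msg.is_multipart():
        return msg.get_payload()
    return " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain")


def score_message(raw: str):
    """Return (score, reasons): one point per indicator found in the message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reasons = []

    # Executive's name shown on an address outside the company.
    if display.strip().lower() in EXECUTIVES and from_domain != INTERNAL_DOMAIN:
        reasons.append("executive display name on an external address")

    # Sender domain one character away from our own domain (typosquat / lookalike).
    if from_domain and from_domain != INTERNAL_DOMAIN \
            and edit_distance(from_domain, INTERNAL_DOMAIN) <= 1:
        reasons.append(f"lookalike sender domain {from_domain}")

    # Replies silently redirected to a different domain than the visible sender.
    if reply_addr and _domain(reply_addr) != from_domain:
        reasons.append("Reply-To domain differs from From domain")

    # Pressure and payment language typical of wire-fraud requests.
    text = msg.get("Subject", "") + " " + _text_of(msg)
    hits = sorted({m.lower() for m in URGENCY.findall(text)})
    if hits:
        reasons.append("urgency/payment keywords: " + ", ".join(hits))

    return len(reasons), reasons


def triage(raw: str, threshold: int = 2) -> str:
    """Route a message: 'review' when enough indicators stack up, else 'deliver'."""
    score, _ = score_message(raw)
    return "review" if score >= threshold else "deliver"


# Constructed sample messages (not real traffic).
FRAUD_SAMPLE = """From: "Jane Doe" <jane.doe@examp1e.com>
Reply-To: <jane.doe.ceo@webmail.invalid>
To: accounts@example.com
Subject: Urgent payment
Content-Type: text/plain

I need you to process an urgent wire transfer today. Keep this confidential.
"""

BENIGN_SAMPLE = """From: "Pat Lee" <pat.lee@example.com>
To: accounts@example.com
Subject: Lunch
Content-Type: text/plain

Sandwiches at noon?
"""

if __name__ == "__main__":
    for name, sample in (("fraud", FRAUD_SAMPLE), ("benign", BENIGN_SAMPLE)):
        score, reasons = score_message(sample)
        print(name, triage(sample), score, reasons)
```

The individual checks are deliberately cheap so they can run at the mail gateway; the value comes from stacking them, since a legitimate external partner may trip one indicator but rarely three or four at once. A real deployment would pull the executive list from the directory and extend the lookalike check with homoglyph mappings, but the scoring structure stays the same.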

Let us be your One-Stop Cybersecurity Solution Source.
GRC Services, Managed Security, Cybersecurity Products

Helping Companies Since 2003! What are you waiting for?