Social engineering attacks cover a wide range of activities. Phishing, for instance, is a social engineering attack (SEA).
The victim receives a legitimate-looking e-mail, follows a link to a legitimate-looking website they’re familiar with, and often divulges sensitive information to a malicious third party.
As end-users are made aware of such activities, the attacks generally must become more sophisticated in order to remain effective. Recently, attacks of this nature have become narrowly targeted at specific companies, often mimicking internal system logins and targeting only individuals working at the subject company.
It’s an electronic numbers game conducted from afar, and the reason it is so common is that it works!
Steps For Social Engineering Attack
- Gather Information: This is the first stage, the learns as much as he can about the intended victim. The information is gathered from company websites, other publications and sometimes by talking to the users of the target system.
- Plan Attack: The attackers outline how he/she intends to execute the attack
- Acquire Tools: These include computer programs that an attacker will use when launching the attack.
- Attack: Exploit the weaknesses in the target system.
Use acquired knowledge: Information gathered during the social engineering tactics such as pet names, birthdates of the organization founders, etc. is used in attacks such as password guessing.
How to protect yourself from social engineering attack (SEA
- Never reveal your passwords or log in credentials to anyone. If a legitimate technician needs to access your account or information, they should be able to do this without needing you to give them your details.
- When you enter your details on a website, make sure the URL is correct.
- Never open strange-looking files or attachments, even if they come from someone you know.
Many infamous viruses such as ‘I Love You’, the NeverQuest Trojan or Blaster have used social engineering to spread to millions of computers, and other scams, including the Whatsapp premium messages scam, also use this method to gain the trust of the victim.