How Does The Line Of Social Engineering Attacks Look Now?
- Deep Shukla
Updated on: 14/02/2023
The psychological manipulation of people into giving out personally identifiable information (PII) from businesses is constantly on the rise. It is perhaps a more cunning form of cyber attack. The term “Social Engineering” usually refers to a broad range of malicious activities carried out through human interaction. All of these activities rely on psychological manipulation that tricks users into making mistakes or leaking sensitive information.
Table of Contents
- What Is A Social Engineering Attack?
- Common Social Engineering Attacks This Year
- Uber Security Breach: The Major Example of Social Engineering
- Metaverse Could Lead To Increased Cyber Crime, Interpol To Curb Issues
- Personal Measures To Protect Yourself From Social Engineering Attacks
What Is A Social Engineering Attack?
Social engineering attacks are quite different from the usual hacking that malicious attackers carry out by themselves, such as breaking into your computer system or breaching your email account. In a social engineering attack, by contrast, the victims themselves become part of the attack: cybercriminals try to influence the victims' judgment and maneuver them into exposing sensitive information. Security analysts have stated that over 70% of the cyberattacks taking place on the internet each year are social engineering attacks.
Common Social Engineering Attacks This Year
Social engineering attacks have been evolving over time, and the types that have been most prominent this year include the following:
1. Online Baiting
Online advertisements are a part of our lives; through them we get to know which companies are offering discounts on their products, and they often influence our purchase decisions. While most of these advertisements are harmless and authentic, some are malicious. You can spot these if you look at them very carefully.
If something seems too good to be true, it might be malicious. These ads might offer discounts that are beyond imagination or state that you will win a certain lottery. This type of trap is known as bait. It is better to stay away from suspicious ads on the internet, and you must never click or take part in ads you feel are too good to be true.
2. Phishing
Social engineering attacks carried out through email are known as phishing. These scams have been prominent for as long as email has existed and are continuously on the rise. There are a couple of types of phishing techniques used to extort personally identifiable information.
3. Pretexting
Pretexting is a predecessor of social engineering attacks. In this scenario, the cybercriminal tells a made-up story to back a claim to sensitive information about a company. In most cases, this kind of social engineering is carried out through phone calls in which an attacker impersonates an employee or a customer and demands sensitive information from the company.
4. Romance Scams
According to the Federal Bureau of Investigation, internet romance scams are:
“Scams that occur when a criminal adopts a fake online identity to gain a victim’s affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim.”
Last year, romance scams stood at the number 1 position. This was followed by ransomware.
5. Spoofing
A highly evolved form of social engineering is spoofing, in which an attacker forges a legitimate company domain to send emails to customers on behalf of the company. The attacker manipulates the victim into believing that the email has arrived from an authentic source.
6. Vishing & Smishing
Phishing carried out through voice calls or SMS is termed Vishing and Smishing respectively. You often receive an SMS containing a link and asking you to verify your identity. This is often circulated by cybercriminals to fool unsuspecting people. These are the most used social engineering attack types.
Uber Security Breach: The Major Example of Social Engineering
Like many other cyber hacks, the Uber security breach started with a simple text message. The New York Times reported that a fake text message had tricked an Uber employee into giving out password details, triggering a trail of events that led to a large-scale compromise of the company's IT systems. In this scenario, social engineering techniques permitted the attacker to bypass the multi-factor authentication process that usually blocks unauthorized logins, even with the right username and password.
Screenshots shared from conversations with the hacker offered insight into how the attack might have taken place. The hacker claimed that after acquiring the employee’s password, they repeatedly triggered push notifications in an authentication app. Following this, they sent a WhatsApp message claiming to be from Uber's IT department and instructed the employee to confirm that the login was legitimate. This gave them access to a VPN, through which they could connect to Uber's corporate intranet. They then scanned the network for sensitive files and applications that were impossible to access from a connection outside the VPN.
With the help of a PowerShell script that is used to automate tasks on Windows machines, they reportedly found an admin password to log into Thycotic. Thycotic is a Privileged Access Management (PAM) tool controlling access to other software used by the company.
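The repeated push notifications described above leave a recognizable trace in authentication logs: a burst of denied or unanswered prompts followed by an approval. The following detection sketch is an added example, not part of the original article or any vendor's product; the event layout, result names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, result). The field layout and
# result names are assumptions, not any identity provider's real log format.
SAMPLE_EVENTS = [
    ("2023-02-01T01:02:00", "alice", "push_timeout"),
    ("2023-02-01T01:03:10", "alice", "push_denied"),
    ("2023-02-01T01:04:00", "alice", "push_timeout"),
    ("2023-02-01T01:05:30", "alice", "push_denied"),
    ("2023-02-01T01:06:00", "alice", "push_timeout"),
    ("2023-02-01T01:07:20", "alice", "push_denied"),
    ("2023-02-01T01:08:00", "alice", "push_approved"),  # approval after a burst
    ("2023-02-01T09:00:00", "carol", "push_denied"),
    ("2023-02-01T09:30:00", "carol", "push_denied"),
    ("2023-02-01T10:00:00", "carol", "push_timeout"),
    ("2023-02-01T10:30:00", "carol", "push_denied"),
    ("2023-02-01T11:00:00", "carol", "push_denied"),
    ("2023-02-01T11:05:00", "carol", "push_approved"),  # same count, spread over hours
    ("2023-02-01T14:00:00", "bob", "push_timeout"),
    ("2023-02-01T14:00:40", "bob", "push_approved"),    # ordinary single retry
]

UNAPPROVED = {"push_denied", "push_timeout"}

def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Alert when an approval follows >= threshold unapproved pushes inside window."""
    recent = defaultdict(deque)  # user -> timestamps of recent unapproved pushes
    alerts = []
    for ts_raw, user, result in sorted(events):  # ISO timestamps sort chronologically
        ts = datetime.fromisoformat(ts_raw)
        pending = recent[user]
        while pending and ts - pending[0] > window:
            pending.popleft()  # forget prompts older than the window
        if result in UNAPPROVED:
            pending.append(ts)
        elif result == "push_approved":
            if len(pending) >= threshold:
                alerts.append({"user": user, "approved_at": ts_raw,
                               "unapproved_pushes": len(pending)})
            pending.clear()  # an approval ends the current sequence
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An alert of this kind is a prompt to contact the user through a known-good channel and review the session that the approval created.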
Metaverse Could Lead To Increased Cyber Crime, Interpol To Curb Issues
The metaverse has created a buzz and plays an important role in showing what the future will look like. According to research by the technology research firm Gartner, by 2026 one in every four people will spend at least an hour in the metaverse for a specific purpose such as studying, working, socializing, shopping, and more. While some companies are skeptical about whether the metaverse is the best future, other companies believe that it lets them connect directly with the younger generation.
A lot of companies have come forward to join the metaverse revolution. That said, there are now concerns that cyber crimes in the metaverse are likely to increase. Since the avatars in the metaverse are free to do what they wish, the platforms and the avatars may not be judged easily. As of now, the crimes in the metaverse could be defined by how the services in the metaverse could be used to scam, con, and steal funds from the victims. Thus, the victims are likely to lose funds both physically and virtually when the cybercriminals target them in the metaverse.
In a bid to curb the risks in the metaverse, Interpol has joined the online immersive environment. With concerns about metaverse cybercrime increasing, Interpol has successfully unveiled the first-ever Metaverse that is specifically designed for global law enforcement. Through the Interpol Secure Cloud, the Interpol metaverse will permit registered users to tour the virtual Interpol General Secretariat headquarters in Lyon, France.
Without any general physical or geographic boundaries, the users can interact with the other officers through their avatars and also take the immersive training course in forensic investigations and enjoy other capabilities. Additionally, Interpol is also on the lookout to reduce crimes against children, data theft, money laundering, financial fraud, counterfeiting, ransomware, phishing, and sexual assault and harassment.
Personal Measures To Protect Yourself From Social Engineering Attacks
The following are some measures to protect yourself from various social engineering attacks and social engineering scams:
- Raise awareness of the common types of social engineering attacks and their red flags.
- You must never submit any confidential information on external websites.
- You should enable a caller identification application on your mobile devices.
- You need to keep in mind that your bank will never ask for any OTP or login via SMS or email or over the phone.
- Make sure to recheck the sender's email address and the return path address to confirm they are a match.
- You must never click on any suspicious links.
- Never trust anyone straightaway after you meet them online.
- Never browse websites that are not secured over an HTTPS connection.
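The sender-address and return-path check from the list above, which also applies to the spoofed company emails described under spoofing, can be scripted against a message's raw headers. This is an added example, not part of the original article; the sample messages are constructed, `example.com` and `example.net` are placeholder domains, and the subdomain-tolerant comparison is a simplifying assumption.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; example.com / example.net are placeholder domains.
LEGIT = (
    "Return-Path: <bounces@mail.example.com>\n"
    "From: Example Bank <support@example.com>\n"
    "Subject: Your statement\n\nbody\n"
)
SPOOFED = (
    "Return-Path: <campaign@bulk.example.net>\n"
    "From: Example Bank <support@example.com>\n"
    "Subject: Verify your account\n\nbody\n"
)
NO_RETURN_PATH = "From: Example Bank <support@example.com>\nSubject: Hi\n\nbody\n"

def domain_of(header_value):
    """Return the lowercase domain of an address header, or '' if none is present."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def aligned(a, b):
    """Treat equal domains, or one being a subdomain of the other, as a match.

    Simplification (assumption): a strict check would compare organizational
    domains using the Public Suffix List instead of a plain suffix test.
    """
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_sender(raw_message):
    """Compare the visible From domain with the Return-Path (bounce) domain."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    if not from_dom or not rp_dom:
        verdict = "missing"   # nothing to compare; treat as unverified
    elif aligned(from_dom, rp_dom):
        verdict = "match"
    else:
        verdict = "mismatch"  # visible sender and bounce address disagree
    return {"from": from_dom, "return_path": rp_dom, "verdict": verdict}

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("spoofed", SPOOFED), ("bare", NO_RETURN_PATH)]:
        print(name, check_sender(raw))
```

A mismatch is a signal for closer review, not proof of forgery, because legitimate mail sent through third-party mailing services can carry a different bounce domain.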
That said, the fact remains that hacking through human manipulation is a lot easier to execute than hacking directly from an external source. This is why hackers use social engineering tactics to destroy companies, and why social engineering prevention is called for.