What are the different types of social engineering?
So what is social engineering? It is a science that involves the use of verbal skills, psychology, and human interaction to get what you want from the target. There are two main types of social engineering.
Types of Social Engineering
1. Technical Social Engineering
This type of social engineering can be done with the help of social media, hacking, or any other means. It is also called computer-based or cyber-based social engineering, and it mostly focuses on getting access to the target’s computer, software, or network. Some examples of technical social engineering are:
a) Phishing: Phishing is a process in which the attacker sends out fake emails pretending to be from a legitimate company such as Google or Facebook. The attacker asks the victims to provide their personal and financial information so that the attacker can access the target’s computer.
b) Trojan: A Trojan is malicious software that is installed on a computer while posing as a file, application, or other document that you think is legitimate. Trojans are known to have devastating effects, especially Trojans like keyloggers and RATs (Remote Administration Tools).
c) Malware: Malware is anything that can harm your computer or your files. It is usually hidden in pornographic websites or torrent files, and it is used to blackmail victims and extort money.
2. Social Engineering
This type of social engineering uses the real-world environment to get the target to do what you want. It is also called human-based or physical-based social engineering. This form of social engineering mostly focuses on getting the target to do something for you without them even knowing it.
Some examples of social engineering are:
a) Dumpster diving: Dumpster diving is just what it sounds like: looking through dumpsters for useful information about the target organization, such as documents, credit card numbers, and customer data.
b) Tailgating: Tailgating is following a person into a building without them noticing, so that you get access to the building when they do.
c) Vishing: Vishing is using the phone for social engineering attacks.
d) Impersonation: Impersonation means pretending to be somebody else. For example, an impersonator may pretend to be a police officer or an employee of a company to get what they want from the target.
e) Spear phishing: Spear phishing is when an attacker targets a specific group of people instead of randomly firing emails at them.
f) Whaling: Whaling involves targeting high-profile individuals such as celebrities, politicians, or government officials.
How to Spot Social Engineering Attacks?
Social engineering is an art, not just a science. It also involves reading the environment, the choice of words, and the way one interacts with the target to get what one wants. In addition, social engineering attacks are difficult to detect and even harder to prevent. Security awareness training is a great way to educate people about social engineering and make them aware of such attacks. Some things you can do to protect yourself against social engineering are, for instance:
1. Never give out your personal information, like credit card numbers or bank details, to anyone over the phone or online.
2. Be wary of emails from unknown persons and check their authenticity before taking action.
3. Be careful about opening files from unknown persons or websites; always scan them for malware or viruses.
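One way to do the authenticity check from item 2 for an email, as an added example that is not part of the original article: it reads the SPF, DKIM and DMARC verdicts that the receiving mail server records in the Authentication-Results header, and flags a display name that claims a brand the sender domain does not match. The server name mx.example.org, the brand table and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.org"  # assumption: your own receiving mail server
BRAND_DOMAINS = {"google": "google.com", "facebook": "facebook.com"}  # illustrative

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def auth_results(msg):
    """SPF/DKIM/DMARC verdicts, taken only from the trusted server's header."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.lower().partition(";")
        if authserv.strip() != TRUSTED_AUTHSERV:
            continue  # a sender can add this header too; ignore foreign ones
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            verdicts.setdefault(method, verdict)
    return verdicts

def check_email(raw):
    """Return a list of reasons to distrust the message (empty = none found)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = domain_of(addr)
    verdicts = auth_results(msg)
    findings = [f"{m}={verdicts.get(m, 'missing')}"
                for m in ("spf", "dkim", "dmarc") if verdicts.get(m) != "pass"]
    for brand, domain in BRAND_DOMAINS.items():
        if brand in display.lower() and sender != domain and not sender.endswith("." + domain):
            findings.append(f"display name says {brand}, sender domain is {sender}")
    reply = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply and reply != sender:
        findings.append(f"Reply-To domain {reply} differs from From domain {sender}")
    return findings

# Constructed sample messages (not real mail).
PHISH = ("Authentication-Results: mx.example.org; spf=fail; dkim=none; dmarc=fail\n"
         'From: "Google Security" <alerts@secure-login.example.net>\n'
         "Reply-To: help@mailbox.example.com\n"
         "\nPlease confirm your card details.\n")
LEGIT = ("Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass\n"
         'From: "Google" <no-reply@accounts.google.com>\n'
         "\nNew sign-in on your account.\n")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, check_email(raw) or "no findings")
```

An empty result only means these particular checks found nothing; a message sent from a compromised legitimate account passes all of them.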