How to Spot the Most Common Types of Social Engineering Attacks?

I am pretty confident you are well aware of the term social engineering attacks.

Yes, you are right! It is the art used by cyber criminals to trick people into giving out their personal information or money. However, do keep in mind, cyber criminals do not stick with only one trick or one particular cyber attack to do so.

The way these criminals approach their victims varies. Also, their goal differs. Sometimes it might be to only steal your money but sometimes it can be your personal information or both. But, one thing that is always common in social engineering attacks is “Manipulation.”

What makes them so successful in manipulating their victims?

Well, the answer is simple. Cyber criminals do their homework before launching a cyber attack that we often neglect in doing so to prevent the same.

The Homework

Cyber criminals go through every detail of the person or the organization they target. Let me give you an example to make it more clear. Let’s say a cyber criminal is targeting the sales manager in your company. 

Then the first thing the malicious actor might do is run a background check of your manager. This can involve looking into his hobbies or his social media activities. In short, cyber criminals will research every personal detail of your manager. Of course, the information available publicly but if possible they may even go for details that are not made public.

Why they do this?

Glad you asked!

This helps them construct a specific type of cyber attack based on your manager’s interest. For instance, finding out your manager is precisely looking after sales, they might approach him as a new client lead. Or if your manager is interested in sharing new innovative technologies on social media, then they might also approach him as a company that is engaged in manufacturing all those.

And since your manager is already interested in the particular field, when the cyber criminals approach him or her impersonating a brand associated with the field. It is likely for your manager to easily trust them.

That means when they send your manager an email he or she has a high chance of opening the email, clicking the malicious link, or downloading the malware attachment.

So, this answers the question of why cyber criminals are successful in launching a social engineering attack.

Now, what are the most common type of social engineering attacks?

Phishing Attack

Yes, the old-school cyber attack also known as phishing attack is still running smoothly as silk.

Surprised? Don’t be.

“Phishing still ranks as a ‘go to’ by most hackers because it is easy to do and it often works.” – Forbes

According to a report from Forbes, the attack vector to be blamed for more than 80% of reported security incidents are phishing attacks. Also, the same report mentioned that Google has registered 2,145,013 phishing sites as of January 17, 2021.

“95% of all cyber risks involve email-based attacks,” says Vikas Yadav, Veteran IT & Cyber Security Expert, when talking about rising phishing attacks in our webinar “Cyber Security Buffs”. He further added, “Phishing has always been one of the prime attack vectors amongst cyber criminals.”

Watch the webinar “Cyber Security Buffs” to find out more

These facts indicate phishing is the most popular social engineering attack among cyber criminals to target their victims.

However, do you have any idea about other types of social engineering attacks that cyber criminals prefer these days?

Read more to find out!

Smishing Attack

Another social engineering attack you and your company should be watching for is a smishing attack.

Yes, you heard it right, smishing attacks are on the rise!

Just recently the UK’s NCSC and leading mobile telecom operators had to issue a warning to every organization in the UK because of smishing attacks.

What happened?

Well, spyware also known as Flubot malware was spreading across the UK through SMS text.

You can find out more about the news here: “UK’s NCSC Warns of Flubot Malware”

And do not make any mistake thinking the cyber criminals will target you only through SMS in smishing attacks. “WhatsApp Pink Scam” is a reminder for you that they can target you through other applications as well.

Vishing Attack

Now, this is the other attack vector you should be concerned about. Not new on the scene, however, it was laying low in the past. 

But as of now, cyber criminals are not missing any opportunity to use this attack vector and steal information from companies like yours.

I know it is hard to trick someone into passing out information through a telephone or web call but trust me cyber criminals are really smart and good at this.

For instance, they might call you acting like a housewife being in danger. Tell you she is in trouble and needs your help. To make it look more legitimate, tell you she got your number through her husband who is working in your office ( Remember the background check I mentioned above?) but her husband’s number is not connecting. 

Moreover, for the final touch, they’ll play an audio or video clip of a kid crying in the background to make it sound more real. And boom! Within 30 seconds she gets your email id and what else!

Conclusion

One never knows how cyber criminals can approach you or your colleagues or your employees. So, it is always better we stay one step ahead of them if we do not want to fall into their traps.

How do you do that?

Just like cyber criminals do their homework, you should too. By that, I don’t mean to implement cyber criminals’ methods but to adopt the necessary cyber security measures.

And if you are interested in knowing those specific measures to avoid such cyber attacks, then I will be writing my next blog on this. So, stay tuned!

If you enjoy reading our blogs, you can also follow us on LinkedIn to get daily updates on cyber security news. Also, leave your thoughts on social engineering attacks in the comment section down below.

About The Author

Richard

See author's posts