
5 Most Common Social Engineering Attack Methods

Whether at home or in a place of business, people – not systems – are the weakest security link. For this reason, criminals target individuals with sophisticated social engineering attacks in order to gain access to private information. Here are the five most common attack methods and identifiers to help you avoid them:

Phishing

  • Phishing attempts seek to redirect users to malicious websites with URLs that appear legitimate.
  • Phishing emails often incorporate threats, fear, or a sense of urgency in an attempt to manipulate user actions.

Pretexting

  • Pretexting involves using a fabricated scenario to try to steal information.
  • Criminals pretend they need information from an individual to confirm their identity, or attempt to manipulate an individual into performing actions that enable the criminal to exploit security weaknesses of an organization.
  • Advanced pretexting attacks can take the form of a criminal impersonating an external IT professional to manipulate employees into letting them into secured areas of a building.

Baiting

  • Baiting attacks are similar to phishing attacks, but typically include the offer of an item or good to entice potential victims.
  • Baiting is not restricted to online schemes, and can focus on exploiting human curiosity via physical media.

Quid Pro Quo

  • Quid pro quo is the promise of benefits in exchange for access. Whereas baiting frequently takes the form of a good, quid pro quo usually assumes the form of a service.
  • In a common quid pro quo attack, a criminal impersonating an IT professional calls a business and offers a quick fix; in exchange, the employee who answers the phone is asked to disable their antivirus to get new software or updates.

Tailgating

  • Tailgating is an attack method involving someone who lacks proper authentication following an employee into a restricted area with false documentation or none at all.
  • Criminals impersonate a vendor or service professional to gain the security access needed to enter a secured area of the company.
  • This type of attack is most effective in small to mid-size companies where criminals work to gain familiarity with employees in order to earn their trust.

Criminals have many social engineering methods at their disposal. Knowing what to look for will help you recognize an attack and avoid becoming a victim.
