Some Social Engineering Facts and Tactics You Can Use

Dolyetyus

21 Apr 2020
Greetings Turk Hack Team members, today I'll talk about some social engineering tips and facts. I tried to explain as many as I could. Let's start then.


Pretexting

Pretexting is usually paired with spear phishing as the attention-getter. It’s a tactic that builds a compelling context or pretext around the social engineering scenario. An email from your “boss” is a common pretext scenario.


Pretext is important to social engineers. It is how they manipulate people into making mistakes and giving up valuable information.


Baiting

Baiting is a social engineering tactic with the goal of capturing your attention. Baiting can be found in search results, social media or emails. For businesses, baiting often comes across as a request for help. During the baiting attempt, victims are asked to verify company credentials and confidential information. This information can lay the foundation for future interactions with the social engineer.


Another form of baiting is more physical. Social engineers have been known to leave a USB drive somewhere at their target company. The label is appealing to employees, like “2020 Raises.” This tempts your employees to pick it up and plug it in, giving the social engineer an entry point into your network.


Quid Pro Quo

The quid pro quo tactic always appears to be an equal exchange of information (the classic “You scratch my back; I’ll scratch yours”), but when it comes to social engineering, it is not equal. Social engineers craft their proposals to benefit themselves and their goal of gaining information to infiltrate your business.


Phones & Vishing

Phones are vulnerable to vishing (voice phishing) and texting phone scams. Vishing is a phone scam that pretends to be a trusted authority to get exploitable information, like the IRS phone scare that comes around tax season each year. Social engineers are clever. They can mimic recognizable phone numbers and caller ID names to gain trust.


Some social engineers are strategic and use out-of-office replies to research and call your business:

“Hi Dan, I hope Erica is enjoying her vacation in the Bahamas. Since she won’t be back until July 31st, she directed me to you to answer my questions.”

A simple opening is all a good social engineer needs to appear to be a credible source.

And those are just phone call examples of social engineering!

Social engineers are even using texting. Texting is more and more integrated into technology. Social engineers are using texts to send phishing links to open the door into your network.


Tailgating

Tailgating involves more than one person: the social engineer piggybacks off of someone else to appear like a credible source. For example, a social engineer will call someone who they know does not have the proper authority to answer their question, and the employee will transfer them to someone who can. This transfer makes the social engineer look trustworthy.


Like baiting, tailgating isn’t limited to the virtual world. An easy way social engineers gain access to a physical, internal network is by conversing with an employee and following them into the building without swiping a keycard. This gives them easy access to the entire building, including your servers and computers.


Social Media

Social media is a social engineering tool. Social engineers create bogus profiles which impersonate celebrities or, trickier still, your friends and family. They often take advantage of data breaches to accomplish identity theft.


Rogue Security

Social engineering uses every trick to gain access to your network, including rogue security. Rogue security is a form of malware which poses as an anti-spyware program or security scanner. It tricks you into believing you are getting protection, when in fact you are infecting your network with malware and the social engineer is stealing your data.


It is possible to protect yourself against a rogue security attack. Knowledge is power. Understanding who your anti-virus provider is and how often updates occur can protect you and your company from falling victim to a rogue security attack. At Access Systems, we verify updates that go out to our network and clients on a regular schedule, so you know they are not rogue security pop-ups.


Emergency Language

To make you fall for social engineering, attackers will use emergency language. They use words or phrases like:

If you do not respond
Immediately
This is your last chance
Respond now
You have 2 days
Quickly

These words make you act first and think second, because no one wants to get in trouble or miss an opportunity. They manipulate you into making rushed decisions.
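As an added example (not part of the original post), the phrase list above can be turned into a simple triage check that flags a message for manual verification when it stacks several urgency cues. The function names, the threshold of two hits, the generalization of "You have 2 days" to any number of hours or days, and the sample messages are assumptions of this example.

```python
import re

# Phrases from the list above; "You have 2 days" is generalized to any
# number of hours/days (an assumption of this example).
URGENCY_PATTERNS = [
    r"if you do not respond",
    r"immediately",
    r"this is your last chance",
    r"respond now",
    r"you have \d+ (?:hour|day)s?",
    r"quickly",
]
_COMPILED = [re.compile(r"\b" + p + r"\b", re.IGNORECASE) for p in URGENCY_PATTERNS]


def normalize(text):
    """Collapse line wraps and repeated spaces so phrases match across them."""
    return re.sub(r"\s+", " ", text).strip()


def urgency_hits(text):
    """Return the distinct urgency phrases found, in order of appearance."""
    text = normalize(text)
    found = []
    for rx in _COMPILED:
        for m in rx.finditer(text):
            found.append((m.start(), m.group(0).lower()))
    seen, ordered = set(), []
    for _, phrase in sorted(found):
        if phrase not in seen:
            seen.add(phrase)
            ordered.append(phrase)
    return ordered


def triage(text, threshold=2):
    """Flag a message for out-of-band verification when cues stack up."""
    hits = urgency_hits(text)
    return {"hits": hits, "flag": len(hits) >= threshold}


# Constructed sample messages (not real mail).
SAMPLES = {
    "pressure": "Your mailbox is full. Respond now or lose access.\n"
                "This is your  LAST chance. You have 2 days.",
    "routine": "Hi Dan, the Q3 report is attached. Review it when you have time.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, triage(body))
```

A single urgent word is common in legitimate mail, which is why the check counts distinct cues rather than flagging on the first match.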

Social engineering attacks are also affected by the time of year and regional events. Natural disasters and health scares usually bring out a surge of insurance fraud attacks, and political elections are prime targets for fake donations.


This article ends here, thanks for reading.
 