Social engineering, a form of manipulation that exploits human error for monetary gain or to access private information, is more rampant than ever. Especially around the holiday season, threat actors use a wide range of tactics to victimize individuals as well as groups of people, companies, and entire industries.
Check out our handy ECS infographic below to learn more about some of the most prominent forms of social engineering. Then, brush up on our best practices for staying cyber safe!
An email-based attack that tricks the victim into divulging login credentials by persuading them to interact with a file, link, or image disguised as a login page. There are many sub-categories of phishing based on varying tactics, including spear phishing (targeted phishing backed by prior research of the victim), vishing (phishing over a voice communication channel such as a phone), smishing (phishing over text/SMS), and whaling (phishing aimed at a high-profile target, such as a company executive).
Attackers use conspicuously placed physical media (such as a flash drive in a company bathroom, elevator, or parking lot) or enticing ads online to lure victims into accidentally downloading a malware-infected application or visiting a malicious site.
An attack that first infects the victim’s web browser, then redirects and captures (or farms) the user’s searches and browsing activity. This typically occurs when the user browses to an unsafe website.
A targeted attack where a malicious actor compromises and modifies a trusted website that is frequented by a specific group of users.
An attack that bombards a victim with false alarms and fictitious threats via unprompted-but-legitimate-looking pop-up banners or spam email. Victims are lured into installing malware or are redirected to a malicious site.
What to do if you suspect you are a victim:
Report suspected social engineering attempts via your company’s standard operating procedures, including notifying your supervisor.