Social engineering, a form of manipulation that exploits human error for monetary gain or to access private information, is more rampant than ever. Threat actors use a wide range of tactics to victimize individuals as well as groups of people, companies, and entire industries.
Check out our handy ECS infographic below to learn more about some of the most prominent forms of social engineering. Then, brush up on our best practices for staying cyber safe!
Phishing
An email-based attack where threat actors attempt to trick victims into clicking a malicious link, downloading a malicious attachment, or divulging sensitive information, such as login credentials or financial data. There are many sub-categories of phishing based on varying tactics, including spear phishing (targeted phishing backed by prior research of the victim), vishing (phishing over a voice communication channel such as a phone), smishing (phishing over text/SMS), and whaling (phishing targeting a high-profile target, such as a company executive).
Deep Fakes, Voice Cloning, and Generative AI
Threat actors are increasingly using AI to craft more sophisticated phishing campaigns, including large language model (LLM) generated emails, deep fakes, and voice cloning technology to impersonate family, friends, and colleagues.
Baiting
An attack in which threat actors use conspicuously placed physical media (such as a flash drive in a company bathroom, elevator, or parking lot) or enticing ads online to lure victims into accidentally downloading a malware-infected application or visiting a malicious site.
Pharming
An attack that first infects the victim’s web browser, then redirects and captures (or farms) the user’s searches and browsing activity. This typically occurs when the user browses to an unsafe website.
Watering Hole
A targeted attack where a malicious actor compromises and modifies a trusted website that is frequented by a specific group of users.
Scareware/Fraudware
An attack that bombards a victim with false alarms and fictitious threats via unprompted-but-legitimate-looking pop-up banners or spam email. Victims are lured into installing malware or are redirected to a malicious site.
What to do if you suspect you are a victim:
Report suspected social engineering attempts via your company’s standard operating procedures, including notifying your supervisor.