Social engineers are attackers who exploit the one weakness found in every organisation: simple human psychology. Through phone calls, emails, and other media, these predators trick us into handing over our sensitive personal and financial information and can cause great damage as a result.
Baiting is a very common form of social engineering attack, in which malicious actors lie to entice and entrap victims. Baiters may use an offer of free movie downloads or music, for example, to trick you into handing over your login information.
Phishing is the most common social engineering attack, and those who use it are trying to get personal information from you, like your name and address, and, if you are in the USA, your Social Security Number. Other countries call this government-issued number different things, but it is essentially a number given to all citizens at birth and used to track their work history and such.
Shortened or misleading links are common phishing techniques that redirect users to suspicious websites with landing pages set up to mine information. They often incorporate threats, instil fear, and create a sense of urgency to motivate you to respond quickly.
Crooks using pretexting, another form of social engineering attack, create a good pretext, or realistic but fabricated scenario, to steal victims’ personal information. Scammers usually make contact with you with the ruse that they need only certain bits of information from you so that they can confirm that you are who you say you are. They are actually trying to commit identity theft, stage a secondary attack, or trick you into doing something that abuses a company’s digital or physical weakness. For example, the fraudster may impersonate an external auditor so that they can get past security and enter a building. These attacks rely on creating a false sense of trust rather than instilling fear.
Quid Pro Quo
Quid pro quo attacks are similar to baiting in that they offer a benefit in exchange for the information the attacker needs. This benefit usually takes the form of some kind of service, however, instead of music or films.
One of the most common types of quid pro quo attack is one that has debuted very recently in the USA, where fraudsters pretend to be employees at the Social Security Administration. These fake personnel then contact people randomly, tell them that the organisation is experiencing a problem with their computers, and ask unwitting individuals to confirm their Social Security Numbers.