Cards (8)

  • Occurs when a cybercriminal creates a social situation which can lead to a victim dropping their guard. Involves the manipulation of people into breaking their normal security procedures
  • No hacking necessary as the victim willingly gives the criminal the necessary information or access to carry out an attack
  • Instant Messaging: Malicious links embedded into instant messages, e.g. an important software upgrade (relies on curiosity)
  • Scareware: Pop-up messages claiming a user’s computer has been infected by a virus; the user is told to download the fake anti-virus software (relies on fear)
  • Email/Phishing scams: User is tricked into opening links by legitimate-looking emails (relies on trust)
  • Baiting: Cybercriminal leaves an infected memory stick somewhere that the target can pick it up and plug it in to see who it belongs to, unwittingly downloading malware (relies on curiosity)
  • Phone Calls: For example, a so-called IT expert calls a user, claiming a device has been compromised and that they need to download software which allows the cybercriminal to take over the device (relies on fear)
  • Social engineering exploits fear, curiosity or empathy/trust