Additional Social Engineering Techniques
Social engineers target all of the ways in which people communicate and transfer files, including the following:
Email (Phishing): An email arrives that seems to be coming from your bank indicating that your account is closed. But it actually points to a fake website designed to steal your username and password.
Email (Attachments): An email arrives from a delivery company explaining that a shipment you never ordered has been delayed. It invites you to open the attached PDF file to learn more about the contents of the shipment. Of course, the PDF file actually contains malicious software.
SMS Text Messages (SMiShing): You get an SMS text message confirming an expensive order you never placed. When you call the number, the auto-attendant asks for your credit card number, expiration date, and CVV security code to cancel the order. Of course if you enter this information, what you’re actually doing is giving it to a cybercriminal.
Fake Antivirus Software (Malware): While browsing the Internet, an antivirus program appears to scan your computer and finds an infection. You’re instructed to download the software to remove it. Of course if you do this, fake antivirus software will infect your computer and possibly encrypt your hard drive holding your system hostage until you pay the cybercriminal a “licence fee.”
Voicemail / Voice Response Systems (Vishing): You get a voicemail confirming an expensive order you never placed. When you call the number, the auto-attendant asks for your credit card number, expiration date, and CVV security code to cancel the order. Of course if you enter this information, what you’re actually doing is giving it to a cybercriminal.
Faxes (Phaxing): You get a fax from a bank or financial website indicating that there has been fraudulent activity on your account and that in order for them to investigate and remove the fraudulent charges, you must first fill out and fax back the form, which asks for your username, password, date of birth, and other sensitive information. Of course if you fill out the form and fax it in, what you’re actually doing is sending the information to a cybercriminal.
USB Drives (Malware): You find a USB drive in a car park near your workplace or receive a free USB drive in the mail. When you plug it in, a secret program is automatically installed that allows a hacker to take complete control of your computer without your knowledge. See the security policy for more details on USB drive best practices.
Continue