Tech Corner

Social engineering: 5 Types of attacks and how to prevent them

Megha Baweja
.
last edited on
.
November 15, 2023
6-8 mins

Table of contents

Automate your business at $5/day with Engati

REQUEST A DEMO
Switch to Engati: Smarter choice for WhatsApp Campaigns 🚀
TRY NOW
Social engineering: Types of attacks and how to prevent them

Social Engineering, in the context of information security, refers to non-technical cyber attacks that rely heavily on human interactions and involve tricking people into revealing information and breaking standard security practices.The success of these attacks depends upon the attacker's ability to manipulate victims into performing certain tasks or providing confidential information.

The idea behind social engineering is to take advantage of a potential victim’s natural tendencies and emotional reactions. Social engineering differs from traditional hacking in the sense that these attacks are mostly non-technical and don’t necessarily involve the compromise or exploitation of software or systems.

Generally, social engineering attackers have one of following goals

  • SabotageDisrupting or corrupting data to cause harm or inconvenience.
  • TheftObtaining valuables like information, access, or money.

Types of Social Engineering attacks

Let's understand them in a better fashion.

1

Phishing

Phishing is one of the most popular social engineering attacks and it involves sending emails and text messages aimed at creating a sense of curiosity or fear in the victims. Phishers pretend to be from trusted institutions, seeking information that might help them with a more significant crime.

Example:

They may send an email that appears to be from the bank asking email recipients to click on a link to log in to their accounts. Those who click on the link are taken to a fake website that appears to be like the real one and once they log in at that fake site, they’re essentially handing over their login credentials and giving the attacker access to their bank accounts.

Attacks using phishing are targeted in one of two ways:

  • Spam phishingAlso known as mass phishing, is an attack aimed at many users. These attacks are non-personalized and try to catch any person who gets trapped.
  • Spear phishingSpear phishing and by extension, whaling, basically targets particular users. This attack specifically targets people like celebrities, upper management, and high-ranking government officials.
2

Baiting

As its name implies, baiting attacks use a false promise to provoke the victims' greed or interest. They set a trap that steals the victims' personal information or inflicts their systems with malware.

Popular methods of baiting can include:

  • Physical BaitingUSB drives left in public spaces, like libraries and parking lots making passersby eager to see the contents on the device.Once the user plugs the device into his/her computer, malware is downloaded into victim's hard drive and hence allowing attackers to have access to victims personal information.
  • Digital BaitingEmail attachments including details about a free offer, or deceitful free software.
3

Pre-texting

Pretexting occurs when an attacker creates false circumstances to compel a victim into providing access to their sensitive data . Hackers use pretexting to target individuals who are likely to feel threatened or fearful of penalty if they do not share the requested information. Pretexting is achieved via the phone, via email, or in some cases, even with the use of social media messenger applications.

These attackers often inform individuals that they are in need of highly sensitive information to complete a task or to prevent the individual from legal trouble. When an individual feels threatened, unguarded, or scared, they are much more likely to reveal bank account numbers, social security numbers, and other sensitive data.

4

Quid Pro Quo

A quid pro quo attack is one in which the attacker pretends to provide something in exchange for the target's information or assistance. Users are enticed by the promise of money, free travel vouchers, or gifts in exchange for login information or other sensitive details such as social security numbers and bank account numbers.

For instance, a hacker calls some random people within an organization and pretends to be calling back from the tech support. Eventually, the hacker will find someone with a tech issue for which they will then pretend to help. Through this, the hacker can have control over the victim's computer and type in commands to launch malware and collect personal information.

5

Tailgating

Tailgating is a physical social engineering attack that occurs when attackers follow the victims into a secure location. The goal of tailgating is to obtain confidential information.

When a hacker is interested in obtaining the data of a specific individual or organization, they may follow them to the locations where free Wi-Fi is available. Hacking into a public Wi-Fi hotspot provides the ability to learn more about individuals using the connection and obtaining sensitive and personal data.

Another example of tailgating may include asking an individual to utilize their access pass while entering a building or going to work in their office by lying about forgetting their pass to quickly steal information. This form of attack is often used by hackers who have a personal interest in an individual or organization having wealth or unsecured banking accounts that are easy to hack and steal from. Tailgating is one of the most personal forms of social engineering and also one of the most threatening attacks in the real world.

Social Engineering Phases

social-engineering-phasesResearch, contact, attack - Phases of social engineering
Research, contact, attack - Phases of social engineering

Ways to prevent Social Engineering

  • Always keep your laptops locked.
  • Use strong passwords.
  • Don't use the same password for different accounts. Consider using a password management tool like LastPass LastPass to help manage your accounts.
  • Keep your software up to date.
  • Avoid sharing personal details like names of your schools, pets, place of birth, etc.
  • Do not open emails from untrusted sources.
  • Learn what is DMARC to make sure you stay abreast on spoofing and impersonation attempts
  • Be observant and secure while accessing Wi-Fi hotspots or internet anywhere outside of the home.
  • Install an antivirus on your system
  • Be vary of building online-only friendships.
  • Do not go for alluring offers from strangers; always trust your instinct.
  • Use multi-factor authentication. Multi-factor authentication adds extra layers of security to your online accounts to verify your identity upon account login.
  • Always keep your access identity card with you and make sure to keep it secure from being misused by prohibited people.
  • Execute cybersecurity practices in your organization to prevent any kind of risks.
  • Impart cybersecurity awareness training to the employees to make them aware and careful about cyberattacks and how to recognize them and avoid being a victim of the attack.
  • If you have a policy of BYOD at work, ensure employees use parental control technology on their devices to prevent data leaks through kids.
  • In order to avoid tailgating attacks, do not let unknown people enter restricted places of office unless they have appropriate credentials or authority of access.
  • Set your spam filters to high.
  • Double check on any requests for updating/correcting information. Look for the latest news on cybersecurity to take swift action if you are affected by a recent breach.
  • Regularly perform spyware removalon mobile devices to prevent personal data leaks

Stay safe

Social engineers manipulate human feelings to carry out schemes and get victims into their traps. Therefore, be very aware whenever you feel enticed by an email, captivated by an offer displayed on a website, or when you come across a vagrant digital media campaign. Being alert can help you protect yourself against social engineering attacks taking place in the digital domain.

Make sure you adopt the right security solutions and measures and provide training and knowledge to the employees, addressing risks of social engineering attacks and how they can be avoided.

Protect yourself and your customer information by investing in an Engati on-premise solution. Register with Engati now!

Megha Baweja

Close Icon
Request a Demo!
Get started on Engati with the help of a personalised demo.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
*only for sharing demo link on WhatsApp
Thanks for the information.
We will be shortly getting in touch with you.
Oops! something went wrong!
For any query reach out to us on contact@engati.com
Close Icon
Congratulations! Your demo is recorded.

Select an option on how Engati can help you.

I am looking for a conversational AI engagement solution for the web and other channels.

I would like for a conversational AI engagement solution for WhatsApp as the primary channel

I am an e-commerce store with Shopify. I am looking for a conversational AI engagement solution for my business

I am looking to partner with Engati to build conversational AI solutions for other businesses

continue
Finish
Close Icon
You're a step away from building your Al chatbot

How many customers do you expect to engage in a month?

Less Than 2000

2000-5000

More than 5000

Finish
Close Icon
Thanks for the information.

We will be shortly getting in touch with you.

Close Icon

Contact Us

Please fill in your details and we will contact you shortly.

This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
Thanks for the information.
We will be shortly getting in touch with you.
Oops! Looks like there is a problem.
Never mind, drop us a mail at contact@engati.com