The average business faces more than 700 social engineering attacks every year. Everyday people can also become victims of social engineering tactics designed to steal their identities.
The goal of social engineering is to manipulate, influence or deceive victims into handing over confidential information. Attackers use psychological manipulation to trick users into giving this sensitive information away.
As a Miami cybersecurity company, we’ve seen many different types of social engineering tactics. Here are some that you may have never heard of.
Phishing
There are many types of social engineering attacks, but phishing is by far the most common. These attacks attempt to either spread malware or gather credentials via malicious links or infected attachments.
With phishing attacks, hackers impersonate trusted individuals or co-workers.
- Business Email Compromise (BEC): As the name suggests, this type of attack tricks victims into handing over corporate data or money. These attacks are highly targeted.
- Pharming: With this type of attack, users are redirected to a malicious site that looks identical to the official site.
- Angler Phishing: Unlike other phishing attacks, which involve sending spoofed emails, these attacks are launched using fake corporate social media accounts.
- Spear Phishing: This type of phishing attack is aptly named because it’s highly targeted. In this case, fraudsters customize their message to a specific person.
- Whaling: An attack that exploits the influence of senior executives over lower-level roles.
- Tabnabbing: A sophisticated attack that affects inactive web pages. When users click away from an open tab, hackers redirect the page to a duplicate, malicious one.
More than 90% of all cyber attacks start with phishing, and these attacks can be challenging to detect.
Diversion Theft
The diversion theft tactic isn’t exactly new. In fact, the idea originated offline. Thieves would persuade couriers to drop off or pick up a package at the wrong location or to deliver it to the wrong person.
Now, criminals have adapted this same idea to the internet. They trick users into sending confidential information to the wrong person.
Typically, diversion theft attacks involve spoofing emails, IPs, GPS, DNS or even websites.
Baiting
Another common social engineering tactic is baiting. With this type of attack, scammers make false promises, like offering free prizes, to lure people into revealing personal information or installing malware on their system.
A baiting scam can come in many forms:
- Tempting online promotions
- Promises of free game or movie downloads or phone upgrades
The attackers hope that the password victims use to claim the offer is one that they also use on other sites.
Sometimes, baiting can come in a physical form through a malware-infected flash drive. A hacker may leave a flash drive in an area where the victim is likely to see it, hoping the victim will insert the drive to find out who it belongs to. Meanwhile, malware is installed automatically.
Honeytrap
A honeytrap attack is a social engineering tactic that targets users looking for love on social media or dating websites. Hackers create fictitious personas and fake profiles to gain the user’s trust. Over time, as the relationship grows, the hacker tricks their victim into divulging personal information and installing malware on their system.
These are some of the lesser-known social engineering tactics that we’ve seen as a cybersecurity company in Miami. Because cyber attacks are continually evolving, it’s important to be aware of these tactics and how to identify them.