Social engineering is a cybersecurity threat that takes advantage of the most vulnerable link in the security chain, the human workforce, to gain access to corporate networks. Attackers use sophisticated emotional manipulation and trickery to get employees, even senior staff, to give up sensitive data.
Social engineering techniques fall into two groups:
- Human-based social engineering techniques.
- Technology-based social engineering techniques.
Human-based social engineering techniques:
There are many human-based social engineering techniques, but let's discuss four main types:
- Shoulder Surfing: Shoulder surfing is one of the most common techniques. The attacker stands right next to you, watches you enter information such as a PIN or password, and uses that information for a data breach.
- Hoaxing: This is a technique where the social engineer provides false information to the target audience.
- Creating Confusion: Social engineers create a confusing situation and then grab confidential data by taking advantage of that situation.
- Tailgating: This is a social engineering technique where an unauthorized person follows an authorized person into a restricted area to steal confidential information.
Now let us compare these techniques with each other on the basis of the following properties. These parameters serve as the standard for a structured comparison of the human-based social engineering threats we face today:
- Time consumption: This shows how much time the technique takes to complete, that is, the total time needed for the attack to succeed.
- Information Provider: It tells us whether the data provided to the target is false or true. To elaborate, it gives us an estimate of the data lost or found in an attack.
- Role-Playing: It tells us whether the attacker is pretending to be someone or not.
- The Intensity of Attack: It tells us the intensity of the risk involved due to the attack.
- Effectiveness: It tells us how effective the attack is.
- Untargeted/Targeted: It defines whether the attack is aimed at a particular person or not.
- Mediated/Directed: It tells us whether the attack is direct or indirect.
| Technique | Time consumption | Information provider | Role playing | Intensity of attack | Effectiveness | Untargeted/targeted | Direct/mediated |
|---|---|---|---|---|---|---|---|
| Shoulder surfing | Less | No Need | No Need | Low | Less | Targeted | N/A |
| Hoaxing | Less | False | Yes | Low | Less | Targeted | Direct |
| Creating confusion | Least | False | Yes | Moderate | Moderate | Untargeted | Both |
| Tailgating | Less | No Need | No Need | Low | Moderate | Targeted | N/A |
Technology-based social engineering techniques:
Let us discuss four different technology-based social engineering techniques:
- E-mail attachment: Spy software is sent by e-mail; it infects our computer and sends confidential data to the attacker. Various types of attacks are executed using e-mail attachments, including traditional malware and spyware attacks.
- Phishing: This is a technique in which the attacker creates a fake login web page that looks exactly like the real one, so the target enters credentials that the attacker can then use to access their information. This technique is often used to track and steal sensitive personal information of all kinds that can cause harm to the owner of the data.
- Spoofing a brand: Spoofing a brand is relatively easy but morally corrupt. Here, the attacker usually mimics the website of a big brand and sends fake e-mails at random using an extension of that brand name. People who use that brand will eventually enter confidential data, which, in turn, benefits the attacker.
- Baiting: Baiters may use enticing offers, such as free movie or music downloads, to fool users into handing over their logins.
| Technique | Time consumption | Information provider | Role playing | Intensity of attack | Effectiveness | Untargeted/targeted | Direct/mediated |
|---|---|---|---|---|---|---|---|
| E-mail attachment | Least | False | No | Low | Moderate | Targeted | Direct |
| Phishing | Moderate | False | No | Moderate | High | Both | Direct |
| Spoofing a brand | Most | False | Maybe | High | Moderate | Untargeted | Direct |
| Baiting | Moderate | False | No | Low | High | Both | Both |
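The "Spoofing a brand" technique relies on fake e-mails sent from a domain that extends or imitates a brand name, which a mail gateway or analyst can screen for. The Python check below is an added example, not part of the original article; the brand `examplebank`, its legitimate domain and the sample From headers are constructed for illustration.

```python
import difflib
from email.utils import parseaddr

# Assumptions (constructed for this example): the protected brand label and
# the only domain the brand really sends mail from.
BRAND = "examplebank"
LEGIT_DOMAINS = {"examplebank.com"}
# Undo common digit-for-letter swaps before comparing (0->o, 1->l, 3->e, 5->s).
HOMOGLYPHS = str.maketrans("0135", "oles")

def sender_domain(from_header):
    """Return the lower-cased domain of a From header value."""
    _, address = parseaddr(from_header)
    return address.rsplit("@", 1)[-1].lower()

def classify(from_header, threshold=0.85):
    """Return 'legitimate', 'suspicious' or 'unrelated' for one sender."""
    domain = sender_domain(from_header)
    if any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legitimate"
    for label in domain.split("."):
        norm = label.replace("-", "").translate(HOMOGLYPHS)
        # Brand used as an "extension": embedded in a longer label, or placed
        # as a subdomain of an unrelated domain.
        if BRAND in norm:
            return "suspicious"
        # Near-miss spelling (swapped, dropped or added letters).
        if difflib.SequenceMatcher(None, norm, BRAND).ratio() >= threshold:
            return "suspicious"
    return "unrelated"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "alerts@mail.examplebank.com",
    "support@examplebank-secure.com",
    "billing@examp1ebank.com",
    "info@exampelbank.com",
    "ExampleBank <it@examplebank.com.verify-login.net>",
    "news@weatherdaily.org",
]

def triage(headers):
    """Map each From header to its verdict."""
    return {h: classify(h) for h in headers}

if __name__ == "__main__":
    for header, verdict in triage(SAMPLES).items():
        print(f"{verdict:<11} {header}")
```

Without a public-suffix list the check compares every dot-separated label, so it is a triage signal for review rather than a blocking rule.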
Why InfosecTrain?
We are proud to announce that InfosecTrain is one of the leading training providers with a pocket-friendly budget! So, if you want to gain a good knowledge of social engineering techniques in the context of GDPR training Online, then join us to experience an incredible journey with our industry experts. Our courses are available in both live instructor-led and self-paced sessions, making it easy for you to take up and complete your learning/training journey at ease! Join InfosecTrain to learn skills that can change your life!