An attack on an inexperienced Internet user can follow many different scenarios.
Attackers exploit human traits such as inattention, curiosity, greed, and credulity, and “play” on the target’s character or lack of professional knowledge. Let’s talk about the most common types of social engineering.
One of the main methods of social engineering, phishing, consists of sending a mass email purportedly on behalf of a well-known organization. In the classic phishing scheme, the user receives an email with a “reasonable” request to follow a link to a fictitious site for authorization. The letter may ask you to change your password or provide your bank card details. The victim does not realize that they have landed on a phishing resource and provides the requested information.
The “Trojan horse” technique involves hacking into a victim’s computer. The essence is as follows: the victim receives an email with an offer of additional income, winnings, compromising information on a colleague, antivirus updates, or other “bait”. By downloading the program, the user infects their device with a virus that can collect or modify available information. The file is carefully disguised, so not everyone can recognize a fake: that is why the “Trojan horse” is considered one of the methods of social engineering.
Quid pro quo
This method got its name from the Latin phrase “quid pro quo”, which means “service for service”. The criminal’s algorithm is as follows: he calls the user, introduces himself as a technical support officer, and reports software failures. Of course, there are no problems, but a gullible person tries to help and follows the instructions of the attacker, thus providing access to important information.
Pretexting is another method of social engineering: an action performed according to a pre-prepared script. To obtain the necessary data, the social hacker pretends to be a person known to the potential victim. Attackers call citizens and introduce themselves as employees of credit and financial organizations, call centers, or technical support. To build trust, fraudsters tell the victim personal information about him or her (such as last name, position, date of birth) or about projects he or she is working on. Sometimes a hacker pretends to be an acquaintance or family member and asks you to quickly transfer funds to a specified account.
Reverse social engineering
This type of attack is aimed at creating a situation where the victim turns to the scammer. Usually, criminals achieve their goal in two ways: by advertising their own “services” or by installing malware.
Introduction of special software
The cybercrime scheme is designed to get the user to contact the attacker. Initially, the installed program works “like clockwork”, but over time, problems occur. By performing the actions specified by the fraudsters, a person provides access to their data. And when the information leak is discovered, the perpetrator remains above suspicion, because, according to the victim, he was simply providing assistance and doing his job.
Another example of using social engineering techniques is that dialog boxes may appear on your device notifying you of a failure or the need to update. Unaware of the fraud, the user follows a link in a dialog box or downloads a “new version” of the program, thereby installing a malicious file on their computer.
Most often, when looking for a repair technician, we rely on our own intuition and cannot always objectively evaluate the work of a technical specialist. Criminals take advantage of this: by advertising services, they create a situation where the potential victim is forced to turn to them. Under the guise of repairing or restoring Windows, a scammer may install a virus file or gain access to sensitive information. If a hacker has the makings of a psychologist, he can easily extract the necessary data in the course of conversation.