How is social engineering successful
Anyone could fall for these 5 social engineering examples!
These social engineering examples show how successfully criminals can use interpersonal influence to achieve their goal. That goal can be the handing over of hardware or access to buildings. Many incidents confirm that these attacks are carried out in practice. It is assumed that the number of unreported victims is many times higher.
To help you prepare for advanced social engineering attacks, we have picked out some of the more sophisticated ones. Social hacking is also used in social engineering. However, the approach taken by professional attackers is more extensive.
Part of it is about faking identities and obtaining services for free. However, breaking into IT systems is also one of the criminals' goals.
Example 1: Shoulder Surfing & Dumpster Diving
The first social engineering example has little to do with IT systems. The bigger problem is that it takes advantage of users' carelessness. In shoulder surfing, usually in public spaces, the attacker looks over the target person's shoulder.
Laptops are not always fitted with a privacy filter when people are working. In this way, people sitting nearby can collect valuable information in order to prepare an attack.
Dumpster diving is another very non-technical approach to successful social engineering attacks. It is about stealing the contents of trash cans. If sensitive information isn't shredded, it's the jackpot for the criminals.
Even strip-cut shredding does not sufficiently destroy sensitive documents. Cross-cut shredding makes it almost impossible for criminals to recover the documents.
Example 2: Pretexting
Carrying out a social engineering attack successfully in a business context requires preparatory work. Example 1 already outlines what this can look like.
So-called pretexting can be used to increase the probability that an attack succeeds. It focuses on human emotions and needs:
- Desires such as making a name for oneself or material gain
- Fears such as fear of loss or rejection
- Character traits such as trust in authority or helpfulness
In pretexting, the attacker contacts the victim, and the message appeals to at least one of these emotions or needs. The attacker's aim is for the victim to decide against the rational, correct action. The consequence can be the disclosure of sensitive information.
Attackers who put in more effort create false identities as part of pretexting and, if necessary, also operate fake profiles on social networks and dating portals.
In the private context, the grandchild trick is by now a well-known scam that takes the form of pretexting.
Example 3: Caller ID spoofing & voice manipulation
After extensive information has been collected and the first contact has taken place, the next step is to build trust and remove obstacles. The criminal pursues this goal at the victims' expense.
Caller ID spoofing is used especially in fraud involving money. The caller ID is the telephone number of the calling person. With caller ID spoofing, the phone number displayed to the person being called is manipulated.
The most successful fraud in the private context is police fraud. Strangers call mainly seniors, with 110 shown as the calling number, and give a pretext why cash or valuables have to be handed over. However, this approach also occurs in a business context.
Anyone who merely sends out a payment notice by e-mail, especially from an address that is not the sender's usual one, has only a slim chance of success. The chances are better if a call is announced in the email.
If the call then appears to come from the actual number of the person that number belongs to, the chances of a successful scam increase.
Criminals do well by reducing the voice quality and limiting the conversation to the bare essentials. Does the impersonated person have a distinctive voice? Then it helps to use voice manipulation software. The first successful scams of this kind have now come to light.
Example 4: Reverse Social Engineering Attack
In the reverse social engineering attack, the victim is motivated to contact the fraudster. The criminals are very creative on this point. A simple approach would be to prepare an email informing the victim that the service provider for handling tickets has changed.
For this reason, the email says, there is a new email address and phone number. If the victim now opens a ticket, it is the “new” service desk that is contacted. It is then agreed that the data causing the problem must be sent over, or that the computer must be picked up by an external service provider.
Example 5: Watering Hole Attacks
The watering hole attack also relies on the victim's employees. The watering holes that the victim is supposed to fall for are placed on popular or frequently visited websites.
If it is known that the employees of a company have to visit a website frequently, e.g. to open tickets, authenticate themselves or look up information, this can be used to prepare a watering hole attack.
When the target group visits the website, the redirect placed there sends the victims to a follow-on website, where they are infected with malware.
This procedure is complex and rarely found. But it is effective because third-party sources and popular, frequently used websites can rarely be blocked by company policies.
Extended social engineering examples that anyone can fall for - right?
The success of a social engineering attack depends on the attacker's effort. If professional attackers with extensive financial resources set out to attack, the chances are good that they will succeed.
The common phishing and spear phishing attacks have been left out of this article, even though they can cause considerable damage, as at Wempe or Norsk Hydro.