Common Social Engineering Attacks

Social engineering is a method that cyber criminals use to trick individuals into revealing confidential information to gain access to systems. Once obtained, that information can be used to carry out actions that could lead to the demise of your organization; a whopping 60% of small companies go out of business within six months of a cyber-attack. Fortunately, knowledge is power.  Here are the most common social engineering attacks to look out for.

1. Phishing: a malicious user poses a trustworthy source (ex. your bank) and sends you an email that creates a false emergency and requires you to click a link. The link takes you to a website where you are prompted to enter sensitive information
2. Spear phishing: similar to phishing, but tailored for a specific individual or organization
3. Baiting: the attacker leaves a malware infected physical device, such as a USB flash drive, in a place where it is sure to be found
4. Pretesting: one party lies to another to gain access to privileged information (ex. attacker pretends to need personal or financial data to confirm the identity of the recipient)
5. Scareware: tricking the victim into thinking his/her computer is infested with malware or has inadvertently downloaded illegal content. The attacker then offers a solution to repair and the victim is tricked into downloading and installing the attacker’s malware
6. Drive–By Download: websites are able to upload malicious software to a computer without anyone clicking on anything. Simply visiting the website initiates the attack. Drive-by downloads are combined with phishing emails
7. Point-of-Sale Hacking: involves a hacker remotely scraping the credit card information stored on a point of sale device
8. Malware: broad term used to describe malicious software that can damage the computer and gain access to sensitive data which could include:
   • Adware: a form of malware that is bundled with free or pirated versions of software and is designed to launch advertisements or pop-ups when the computer is using a web browser
   • Spyware: designed to spy on the user’s activities and monitor things such as keystrokes and websites visited in order to steal passwords and can also change the computer security settings
   • Trojan horses: appear as normal files but once downloaded, they give a malicious user access to the computer and information

To ensure that your organization is protected from the damaging ramifications of a social engineering attack, and to learn more about cyber security risks, please contact Brian Kilcoyne, CIC at P: 617-612-6515/E: briankilcoyne@hkinsurance.com.