In this tutorial, you’ll learn techniques of social engineering.
Social engineering has a lot of techniqeus. The following some techniques of social engineering:
Firstly, Phishing Attacks
phishing attack is the oldest technique and the effective technique to that of social engineering. For instance, victim get fake tempting mail. (buy with %95 discount x product of y brand that just this link click and sign in. link usually hasn’t https (has http). s of https stand for security that web site.
Attacks using phishing are targeted in one of two ways:
1- Spam phishing, or mass phishing, is a widespread attack aimed at many users. These attacks are non-personalized and try to catch any unsuspecting person.
2- Spear phishing and by extension, whaling , use personalized info to target particular users. Whaling attacks specifically aim at high-value targets like celebrities, upper management, and high government officials.
Methods used in phishing each have unique modes of delivery, including but not limited to:
Voice phishing (vishing) phone calls may be automated message systems recording all your inputs. Sometimes, a live person might speak with you to increase trust and urgency.
SMS phishing (smishing) texts or mobile app messages might include a web link or a prompt to follow-up via a fraudulent email or phone number.
Email phishing is the most traditional means of phishing, using an email urging you to reply or follow-up by other means. Web links, phone numbers, or malware attachments can be used.
Secondly, Whailing
Whaling is a term used to describe phishing attacks that target a specific, high-profile person.Usually,
an executive, government official, or celebrity.
The victims of whaling attacks are considered “big fish” to cybercriminals. These targets offer great potential to scammers with either large financial payouts or access to valuable data.
They’ll send mail with PDF, or slide deck. But when victims click the link, they’re taken to a malicious website. And if they try to open the attachment, malware infects their system and spreads to their network.
Note: we’ll do a mini project like this scenario in the finish tutorial.
Thirdly, Baiting
Baiting is a type of social engineering attack in which scammers lure victims into providing sensitive information by promising them something valuable in return.
For example, scammers will create pop-up ads that offer free games, music, or movie downloads. If you click on the link, your device will be infected with malware.
That’s all for now. In this tutorial, we learned social engineering techniques and kind of technique.
