Network security breaches resulting from social engineering attacks are on the rise in Kansas City and around the world. Social engineers use various manipulative techniques to trick victims into disclosing sensitive information, which they then use to facilitate their cyberattacks. These techniques include phishing/vishing/smishing, pretexting, baiting, tailgating/piggybacking, and quid pro quo.
No, this isn’t another nursery rhyme. Most everyone is familiar with phishing by now. Attackers send fraudulent emails claiming to be from a reputable source and requesting personal information. Generally speaking, phishing scams tend to target as many people as possible, but there are a couple more targeted types.
When an attacker researches a particular user to create a targeted attack, we call it spear phishing. They might comb through your social media to find out where you bank or shop regularly, then pretend to be a representative contacting you about a problem with your account. Whaling is like spear phishing, except that it targets “big fish” like CEOs and CFOs.
Vishing, or voice phishing, is when the attacker tries to trick a victim into giving them computer access or sensitive information over the phone. Smishing, or SMS phishing, is the same but over text message. The evergreen IRS scam we’ve all heard about is an example of a vishing/smishing scam.
In a pretexting scam, the attacker impersonates someone in a powerful position such as an investigator, auditor, or police officer, and creates a scenario where the victim feels compelled to provide the requested information.
Baiting is exactly what it sounds like: luring victims into a social engineering trap with promises of gifts or prizes if they only provide their credentials. Baiting also includes free downloads or USB drives loaded with malware.
Sorry folks, we’re not talking about the fun kind. The tailgating and piggybacking we’re talking about here are both methods of gaining access to a secure area in the physical world. Tailgating refers to closely following an authorized user into a secure area without being noticed, for example by grabbing the door before it latches. Piggybacking is the same except that the authorized user is aware that they’re letting someone in, usually under the ruse of a lost access badge or armloads of boxes.
Quid pro quo (Latin, meaning ‘something for something’) is when the attacker tries to trade services for information. A quid pro quo scheme might involve an attacker pretending to be a company’s network security officer calling employees and saying they just need their login credentials to fix a security issue.
RAVENii is a managed security service provider offering multiple solutions to help educate your employees and protect your organization from social engineering attacks in Kansas City and nationwide, including but not limited to:
For more information about network security and incident response services from RAVENii in Kansas City and nationwide, click here or call (844)317-0944 today.