Cyber Liability

The Most Common Forms of Social Engineering Attacks

5/10/2019 | Dennis Trusty

From putting our personal information out there to something as simple as browsing travel options for the holidays, there is always a certain level of threat waiting on the other end of the network. Scammers are also getting more sophisticated in how they cause security breaches. One rising concern is social engineering, a form of hacking in which scammers use psychological techniques to get valuable information from people and companies.

For a 2017 report, the communications company Verizon studied over 42,000 security incidents that resulted in nearly 2,000 breaches. Of those breaches, 43% involved social engineering attacks. With this in mind, it’s important for companies of all sizes, especially those that work in a financial setting, to look into social engineering cyber insurance options to safeguard their bottom line and their clients’. Here’s a look at some of the most common social engineering attacks currently in use:

Phishing

Phishing has become the most common social engineering risk in recent years. Phishing scams use threats, fear and a sense of urgency to manipulate the user into acting promptly, or they seek to obtain personal information like names and social security numbers.

Phishing scams are typically poorly crafted and contain a number of spelling errors. Their purpose is to direct potential victims to a fake website or form where the attackers can steal login credentials and gain sensitive information.

Pretexting

Pretexting is another form of social engineering, in which attackers focus on creating a good pretext, such as a fabricated scenario, and then use that made-up situation to steal their victim’s information. This kind of scam is typically characterized by a show of urgency and by requests for certain pieces of information, supposedly to confirm the victim’s identity.

Unlike phishing emails, which use a false sense of urgency to their advantage, pretexting attacks rely on building a strong sense of trust. The attacker can build a credible story, such as something to do with IT, to get any kind of information, whether it’s sensitive or non-sensitive.

Baiting

The threat that baiting poses is in the name. This kind of attack happens when a social engineer entices victims with the promise of an item or good. Anything from free music to movie downloads can be offered to take advantage of victims’ trust. This attack centers on the human psychology element of social engineering.

While a solid online security software program is always needed throughout a company’s network, having the ability to spot these kinds of scams is key to keeping sensitive information safe from harm.