Project Bytesgate
Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. In cybercrime, these “human hacking” scams tend to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems. Attacks can happen online, in-person, and via other interactions.
Scams based on social engineering are built around how people think and act. As such, social engineering attacks are especially useful for manipulating a user’s behavior. Once an attacker understands what motivates a user’s actions, they can deceive and manipulate the user effectively.
In addition, hackers try to exploit a user's lack of knowledge. Thanks to the speed of technology, many consumers and employees aren’t aware of certain threats like drive-by downloads. Users also may not realize the full value of personal data, like their phone number. As a result, many users are unsure how to best protect themselves and their information.
Generally, social engineering attackers have one of two goals:
This social engineering definition can be further expanded by knowing exactly how it works.
One of the many social engineering methods is pretexting. The attacker conducts thorough research on the victim (which in the age of social media is not so difficult). Then they can, for example, call claiming to be a representative of a company offering excellent BaaS solutions. They use phrases that awaken the victim’s interest (e.g. special deals). They then proceed to extract the necessary information by asking relevant questions, for example: "What server does the company use?" or "Where has the company stored data backups so far?". The final stage is to end the conversation, possibly by quoting a very high price so that the victim can reply that they are not interested in the offer.
Emotions are very often used when executing an attack. Under their influence, people tend to make irrational decisions. The sense of urgency makes the victim feel time pressure. This can be achieved by offering a reward only if the victim decides within a certain amount of time. Establishing trust is the basis of the whole process. It is for this reason that the attacker conducts thorough research on a company or individual.
However, there are many more social engineering examples. These can be: