What are the types of social engineering attacks?
- Phishing
- Business email compromise (BEC)
- Pharming
- Diversion theft
Social engineering attacks cover a wide range of malicious actions carried out through human interaction. They manipulate people into giving up important information, such as passwords and bank details. This article discusses four common types of social engineering attack: phishing, business email compromise, pharming, and diversion theft. Read on to learn more.
Phishing
Phishing is considered the most common social engineering attack. It tricks targets into revealing sensitive data through fake emails or texts that appear to come from a legitimate institution. The information sought often includes login credentials, banking details, and personal information. Once a criminal has these, they can be used for identity theft and financial fraud.
For example, an attacker emails a victim while pretending to be from a recognized organization, such as a customer support representative at a partner vendor. The message asks the victim to click a link to update their password. The link sends the victim to a fake website that asks for their current login credentials, which are then delivered to the cybercriminal.
Phishing attacks can be prevented by knowing what to look out for. Red flags for this social engineering attack include an unrecognized sender address, a message that is unusual or out of character for the supposed sender, and an unexpected email containing an embedded hyperlink.
Aside from keeping abreast of the most effective cybersecurity practices, email security solutions like Trend Micro Email Security can help screen out phishing emails. They do this by analyzing the sender and the email content and warning the user that the attachment or message may be suspicious.
Business Email Compromise (BEC)
Business email compromise (BEC) is a type of social engineering attack and phishing scam in which victims receive emails that appear to come from senior members of staff. The email accounts of these individuals are spoofed or compromised to request fraudulent transfers, which can lead to financial loss for the organization.
For instance, an attacker poses as the CEO of a company and emails employees in the finance department requesting a money transfer. Alternatively, cybercriminals pretend to be one of the company's suppliers and request a fund transfer in exchange for services.
Employee training and awareness help organizations spot BEC attacks. It is good practice for employees to verify such requests before acting on them. Enabling multi-factor authentication on email accounts makes it more difficult for a cybercriminal to gain access to them.
Pharming
Pharming is a combination of “phishing” and “farming”. It involves manipulating a website’s traffic to steal confidential information. In this social engineering attack, users who are trying to reach a legitimate website are redirected to a fake one.
The criminal’s goal is to retrieve financial data or login credentials. In pharming, the attacker hijacks the victim’s browser settings or runs a background process that redirects the victim to a fake website. Pharming attacks rely on malware rather than email: the victim is first induced to execute a malicious installation file, after which the malware runs on the victim’s computer and performs the redirection.
To avoid becoming a victim of a pharming attack, it is important to follow the best practices for preventing malware infections. Never click on links from popups or unknown senders, check website addresses for typos, enable two-factor authentication, change the default settings of the Wi-Fi router, and use a robust anti-malware and antivirus solution.
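The phishing red flags listed above (an unrecognized sender, replies routed elsewhere, a link whose visible text does not match its destination) and the pharming advice to check addresses for typos can be turned into an automated triage check. The following is an added example, not code from the original article or from CT Link; the trusted domains and the sample message are constructed placeholders, and the similarity threshold is an assumption.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
# Assumed allowlist of domains the organisation normally deals with (placeholder values).
TRUSTED_DOMAINS = ("example.com", "partner-vendor.example")
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(url):
    """Lower-cased host of a URL, bare domain or e-mail address, without 'www.'."""
    host = re.sub(r"^[a-z]+://", "", url.strip().lower()).split("/")[0].split("@")[-1]
    return host[4:] if host.startswith("www.") else host

def lookalike(host, trusted=TRUSTED_DOMAINS):
    """Trusted domain that `host` closely resembles but is not (a typo or 0-for-o swap)."""
    for t in sorted(trusted):
        if host != t and SequenceMatcher(None, host, t).ratio() >= 0.85:  # assumed threshold
            return t
    return None

def phishing_red_flags(raw_email, trusted=TRUSTED_DOMAINS):
    """Return the red flags found in one raw RFC 822 message (empty list = nothing noticed)."""
    msg = message_from_string(raw_email)
    flags = []
    sender = host_of(parseaddr(msg.get("From", ""))[1])
    reply_to = host_of(parseaddr(msg["Reply-To"])[1]) if msg["Reply-To"] else sender
    if sender not in trusted:
        near = lookalike(sender, trusted)
        flags.append(f"unrecognized sender domain {sender}" + (f" (resembles {near})" if near else ""))
    if reply_to != sender:
        flags.append(f"replies go to {reply_to}, not to the sender domain {sender}")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode("utf-8", "replace")
        for href, text in ANCHOR_RE.findall(html):
            dest, shown = host_of(href), re.sub(r"<[^>]+>", "", text).strip()
            if "." in shown and host_of(shown) != dest:  # visible address differs from real one
                flags.append(f"link text '{shown}' actually points at {dest}")
            if lookalike(dest, trusted):
                flags.append(f"link host {dest} resembles trusted {lookalike(dest, trusted)}")
    return flags

# Constructed sample message in the style of the password-reset lure described above.
SAMPLE = """From: IT Support <support@partner-vend0r.example>
Reply-To: helpdesk@mail-reset.example
Content-Type: text/html

<p>Your password expires today. Click <a href="http://partner-vend0r.example/reset">https://partner-vendor.example/account</a> to update it.</p>
"""
```

Running `phishing_red_flags(SAMPLE)` yields four flags: the lookalike sender, the mismatched Reply-To, the link text that differs from its destination, and the link host that resembles a trusted domain.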
Diversion Theft
In the physical world, diversion theft occurs when a delivery vehicle, such as a van, is intercepted in transit and redirected away from its original destination. This gives criminals easy access to the goods or packages inside.
Similarly, in an online diversion theft scheme, a criminal tricks the victim into sending sensitive data to the wrong person. This is done through phishing, with the criminal impersonating the email address of an employee in the victim’s company.
To avoid diversion theft, it is important to follow the best practices for countering phishing attacks. For example, if a request arrives to redirect a shipment or data to a new location, confirm it with the legitimate representative or proper authority before proceeding with the redirection.
These are just a few types of social engineering attack. There are more to be aware of, such as baiting, honey traps, scareware, watering hole attacks, and many others. That is why organizations need to educate their employees on cybersecurity best practices. It is also beneficial to have the right IT solutions in place to provide another layer of protection for critical business data.
If you are interested in finding out which IT solutions would best protect you from cybercriminals, you can contact us here at CT Link. From email security services to multi-factor authentication and more, we are always evolving our solutions to fit the current IT landscape, so that you can protect your important business data from theft or breach.