www.mitnicksecurity.com
2606:2c40::c73c:67fe
Public Scan
URL:
https://www.mitnicksecurity.com/blog/6-types-of-social-engineering-attacks
Submission: On May 09 via manual from US — Scanned from JP
Form analysis
0 forms found in the DOM
Text Content
6 TYPES OF SOCIAL ENGINEERING ATTACKS

Posted by Mitnick Security on Apr 5, 2021 8:00:00 AM

Social engineering attacks account for a massive portion of all cyber attacks, and studies show that these attacks are on the rise. According to KnowBe4, more than 90% of successful hacks and data breaches start with a common type of social engineering attack called phishing.

Social engineers are clever and use manipulative tactics to trick their victims into disclosing private or sensitive information. Once a social engineer has tricked their victim into providing this information, they can use it to further their attacks.

One of the best ways to keep yourself safe from a social engineering attack is to be able to identify one. Let's explore the six common types of social engineering attacks:

1. PHISHING

Phishing is a social engineering technique in which an attacker sends fraudulent emails, claiming to be from a reputable and trusted source. For example, a social engineer might send an email that appears to come from a customer success manager at your bank. They could claim to have important information about your account but require you to reply with your full name, birth date, social security number and account number first so that they can verify your identity. Ultimately, the person emailing is not a bank employee; it's a person trying to steal private data.

Phishing, in general, casts a wide net and tries to target as many individuals as possible. However, there are a few types of phishing that home in on particular targets.

* Spear phishing is a type of targeted email phishing. In a spear phishing attack, the social engineer will have done their research and set their sights on a particular user. By scouring through the target's public social media profiles and using Google to find information about them, the attacker can create a compelling, targeted attack. Imagine that an individual regularly posts on social media that she is a member of a particular gym. In that case, the attacker could create a spear phishing email that appears to come from her local gym. The victim is more likely to fall for the scam since she recognizes her gym as the supposed sender.
* Whaling is another targeted phishing scam. However, in whaling, rather than targeting an average user, social engineers focus on targeting higher-value targets like CEOs and CFOs. Whaling gets its name due to the targeting of the so-called "big fish" within a company.

2. VISHING AND SMISHING

While phishing is used to describe fraudulent email practices, similar manipulative techniques are practiced using other communication methods such as phone calls and text messages.

Vishing (short for voice phishing) occurs when a fraudster attempts to trick a victim into disclosing sensitive information or giving them access to the victim's computer over the telephone. One popular vishing scheme involves the attacker calling victims and pretending to be from the IRS. The caller often threatens or tries to scare the victim into giving them personal information or compensation. Vishing scams like this one often target older individuals, but anyone can fall for a vishing scam if they are not adequately trained.

Smishing (short for SMS phishing) is similar to and incorporates the same techniques as email phishing and vishing, but it is done through SMS/text messaging.

See some real life examples of phishing scams by reading our blog Social Engineering Attack Examples.

3. PRETEXTING

Pretexting is a type of social engineering technique where the attacker creates a scenario where the victim feels compelled to comply under false pretenses. Typically, the attacker will impersonate someone in a powerful position to persuade the victim to follow their orders.

During this type of social engineering attack, a bad actor may impersonate police officers, higher-ups within the company, auditors, investigators or any other persona they believe will help them get the information they seek.

4. BAITING

Baiting puts something enticing or curious in front of the victim to lure them into the social engineering trap. A baiting scheme could offer a free music download or gift card in an attempt to trick the user into providing credentials.

A social engineer may hand out free USB drives to users at a conference. The user may believe they are just getting a free storage device, but the attacker could have loaded it with remote access malware which infects the computer when plugged in.

5. TAILGATING AND PIGGYBACKING

Tailgating is a simplistic social engineering attack used to gain physical access to an unauthorized location. Tailgating is achieved by closely following an authorized user into the area without being noticed by the authorized user. An attacker may tailgate another individual by quickly sticking their foot or another object into the door right before the door is completely shut and locked.

Piggybacking is exceptionally similar to tailgating. The main difference between the two is that, in a piggybacking scenario, the authorized user is aware and allows the other individual to "piggyback" off their credentials. An authorized user may feel compelled by kindness to hold a secure door open for a woman holding what appears to be heavy boxes or for a person claiming to be a new employee who has forgotten his access badge.

See how social engineers fooled big companies like Target, Twitter and more by reading The Top 5 Most Famous Social Engineering Attacks of the Last Decade.

6. QUID PRO QUO

Quid pro quo (Latin for 'something for something') is a type of social engineering tactic in which the attacker attempts a trade of service for information. A quid pro quo scenario could involve an attacker calling the main lines of companies pretending to be from the IT department, attempting to reach someone who is having a technical issue.

Once the attacker finds a user who requires technical assistance, they would say something along the lines of, "I can fix that for you. I'll just need your login credentials to continue." This is a simple and unsophisticated way of obtaining a user's credentials.

CYBER THREATS BEYOND SOCIAL ENGINEERING

While social engineering is no doubt one of the biggest ways bad actors trick employees and managers alike into exposing private information, it's not the only way cyber criminals are exploiting companies small and large.

Know what threats you and your team are up against by downloading our 5-½ Steps to Avoid Cyber Threats ebook.

Topics: Social Engineering, social engineering threats, social engineering attacks