Social engineering refers to the psychological manipulation that compel people into acting or disclosing private information of themselves. Though In 1911, Edward L. Earp wrote Social Engineer to inspire people to approach social interactions in the same way that they approach machinery, nowadays, the term “social engineering” refers to the tactic of tricking someone in order to gather important information which most of the time leads to a cyber attack.

Types of Social Engineering

Some common types of social engineering attacks:

• Phishing
• Whaling
• Baiting
• Diversion Theft
• Business Email Compromise (BEC)
• Quid Pro Quo
• Tailgating

Phishing: Phishing is a type of cyber attack that involves using disguised emails or messages to deceive recipients into divulging sensitive information, downloading malware or taking actions that compromise their security. It is a matter of concern as they can result in large financial loses and data breaches.

Whaling: Whaling is also known as “CEO ATTACK”. Attackers use this technique in order to steal money or sensitive information or obtain access to an organization’s computer systems for illegal reasons. It is similar to phishing. Its goal is to deceive a victim into executing an action—such as disclosing private information or sending money—by using various techniques including email and website spoofing.

Baiting: Baiting attacks are often used to steal personal information or money from victims. In this attack, the attacker can send an email message to the victim’s inbox containing an attachment containing a malicious file. After opening the attachment, it installs itself on the computer and spies on user’s activities. The attacker also sends an email containing a link to a website that hosts malicious code. While clicking the link, it can infect device with malware or ransomware.

Diversion Theft: In this attack, attackers at first employ one attack such as DDoS (Distributed Denial of Services), ransomware, phishing and when the cyber teams get to solve these problems, attackers take advantages of it and gets their required information of the company. After getting out the information, they leave quietly without leaving any trace of their presence.

Business Email Compromise: Business Email Compromise (BEC) is a cyberattack where the attacker impersonates as a trusted entity, such as a company executive, CEO, a supplier or a third-party vendor to deceive employees into performing actions or sharing sensitive information. In BEC organizations that conduct frequent wire transfers or handle sensitive financial transactions are targeted. They send emails using a similar domain name or manipulate the display name to make the email appear legitimate and requests for information or funds.

Quid Pro Quo: The name of this attack “quid pro quo” comes from Latin. It means “something for something”. In this type of social engineering attack, the attacker provides the victim favor in return for information or other benefits. When launching the attack, the attacker offers the victim some benefit which could be a service, such as removing malware and potential viruses from the victim’s computer and in return, they take the access of the victim’s information and misuses that.

Tailgating: Alongside of software-based attack, social engineering also contains physical attack such as tailgating. In this type of attack, the attackers directly try to invade in the office without making a noise. They try to impersonate as an employee who has forgotten his ID card, or he is fully occupied with things in both hands, or trying to meet one of the employees of the office. Then they enter into the office and steal data or tamper data or can gain access to the data room where various sensitive data are stored. They can also install malware on critical infrastructure, encrypt infrastructure, encrypt data breaches.