Detect Social Engineering Fraud

Social Engineering Crimes (Tactics):-

  • Hacking the human mind is much easier than hacking a computer or a business. Attackers prey on human weaknesses like fear, greed, trust, desire, ego, sympathy, ignorance, carelessness and haste.
  • Hacking is a growing problem, and these insanely easy social engineering tactics can result in a major security breach. Show these tips to your friends and family members so that no individual or business becomes a victim of a hacker.
  • There are 2 basic types of tactics covered here: (1) Phone and (2) Digital. In-person social engineering tactics are left out.

(1) Phone - Social Engineering Tactics:-

  • "Here are a few common tactics used by hackers to deceive, gain trust and get information over the phone."
  • Panic: When someone calls you pretending to be support and describes a frantic scenario that pushes you into compromising your safety (like resetting your password or allowing remote access).
  • Anger: When someone calls you pretending to be in a position of authority (like an executive or manager) and uses anger to intimidate you.
  • Donations: When someone calls you pretending to be from a known organisation you might be interested in (political, university, disaster relief, NGO etc.).
  • Vishing: When someone calls you with a pre-recorded message pretending to be your bank and asks you to call a number to confirm your account and transactions.
  • Smishing: When someone sends you an SMS text message to lure you into a specific course of action. Like phishing, it can involve clicking on a malicious link or divulging information.
  • Juice jacking: When someone offers a charging port that doubles as a data connection, typically over USB. This often involves either installing malware or surreptitiously copying sensitive data from a smartphone, tablet, or other computer device.

(2) Digital - Social Engineering Tactics:-

  • "Here Are A Few Common Tactics Used Through Email, Websites And Social Media"
  • Pretexting: When someone sends you an email from a domain that looks trustworthy and addresses it as coming from a known contact at that domain. Often there is an attachment that contains malware.
  • Phishing: When someone publishes a fake website that mimics a brand and service to gain your trust. These websites will request information through forms and offer downloads containing malware.
  • Social Media Phishing: When someone builds a social media page that mimics a trusted brand. The account will try to publish relevant content that persuades you to click and download a malicious file.
  • Reverse Engineering: When someone executes a minor attack on your company to expose a vulnerability, then contacts you to inform you and offers to “fix” the problem.
  • Quid Pro Quo: Quid pro quo means something for something: When someone calls random numbers at a company, claiming to be calling back from technical support. Eventually this person will hit someone with a legitimate problem, grateful that someone is calling back to help them. The attacker will "help" solve the problem and, in the process, have the user type commands that give the attacker access or launch malware.
  • Baiting: Baiting is like the real-world Trojan horse that uses physical media and relies on the curiosity or greed of the victim. In this attack, attackers leave malware-infected USB flash drives in locations where people will find them (bathrooms, elevators, sidewalks, parking lots, etc.), give them legitimate and curiosity-piquing labels, and wait for victims.
  • Typo Squatting: When someone uses common typos of brand URLs and mimics the brand to gain trust. The fake website can easily collect form information if the typo is not noticed.
  • Friendly Emails: When someone sends you an email either from a hacked friend's account or creates a similar account and uses your friend's name. Often there is an attachment that contains malware.

Reach us at: support@endnowfoundation.org