Social Engineering

Common Techniques of Social Engineering:

Phishing: This is the most common type of attack used in social engineering. Phishing seeks to obtain personal information. It commonly uses shortened or embedded links that redirect users to suspicious websites through URLs that appear legitimate. Phishing tends to incorporate threats, fear, and a sense of urgency to manipulate the user into acting promptly.

Pretexting: Pretexting is another form of social engineering where attackers focus on creating a good pretext, or a fabricated scenario, that they can use to try to steal their victims’ personal information. A pretext is a false motive. Pretexting often involves a scam where the deceiver pretends to need information to confirm the identity of the person they are talking to.

Baiting: Baiting is similar to phishing. However, what distinguishes it from other types of social engineering is the promise of an item or good that hackers use to entice or motivate their victims. Another common baiting technique is for the attacker to leave USB drives lying around in the hope that curiosity takes over and the victims plug the infected USB devices into their systems, which typically enables malicious programs.

Quid Pro Quo: Similar to baiting, quid pro quo attacks promise a benefit in exchange for information. This benefit usually assumes the form of a service, whereas baiting frequently takes the form of a good.

Tailgating/Piggybacking: These types of attacks involve someone who lacks proper authentication/credentials following an employee into a restricted area.

Remember, social engineering is nothing more than an attacker building trust with you, then abusing that trust to get what they want. If you get an email, message, or phone call that seems odd, suspicious, or too good to be true, it may be an attack. Common indicators of a social engineering attack include people asking for information they shouldn’t have access to, using a lot of technical terms to confuse or deceive you, and creating a sense of urgency to add pressure to the situation.

Social engineering really comes down to the art of human manipulation. The single most efficient countermeasure to social engineering attacks remains common sense. Keeping education of users at the forefront of your organization provides immeasurable benefits. If you believe someone is attempting to trick or fool you, simply stop all communications with them, and reach out to your technical support center to report suspicious activity.
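The phishing indicators described above (shortened links, link text that shows one site while the link goes to another, and urgency wording) can be checked mechanically when triaging a reported message. The following is an added example, not part of the original article; the shortener list, the urgency phrases, and the sample message are small constructed assumptions, not a complete detection rule set.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed, illustrative lists; a real deployment would maintain larger ones.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|account (?:will be )?suspended|final notice)\b", re.I)
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample message using reserved example domains.
SAMPLE = """<p>URGENT: your account will be suspended within 24 hours.</p>
<p>Verify at <a href="http://login.example.net/verify">www.examplebank.example</a>
or <a href="https://bit.ly/xxxx">click here</a>.</p>"""

def host(url):
    """Lower-cased hostname of a URL, without a leading 'www.'."""
    h = (urlparse(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> plus all body text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def analyze_email(html_body):
    """Return a list of (indicator, detail) findings for an HTML message body."""
    p = LinkCollector()
    p.feed(html_body)
    findings = []
    for href, label in p.links:
        target = host(href)
        if target in SHORTENERS:  # real destination is hidden behind a shortener
            findings.append(("shortened_link", href))
        m = DOMAIN_IN_TEXT.search(label)
        shown = host("//" + m.group(1)) if m else ""
        # Visible text names one domain, but the link points somewhere else.
        if shown and target and shown != target and not target.endswith("." + shown):
            findings.append(("link_text_mismatch", f"{shown} -> {target}"))
    for m in URGENCY.finditer(" ".join(p.text)):
        findings.append(("urgency_language", m.group(0).lower()))
    return findings
```

A finding is a reason to look closer or report the message, not proof of an attack; legitimate mail also uses shorteners and tracking links.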
