What are examples of social engineering attacks
Anyone could fall for these 5 social engineering examples!
These social engineering examples show how successfully criminals can use interpersonal influence to achieve their goal. It can be the handing over of hardware or access to buildings. There are many incidents that confirm that these attacks are being carried out in practice. It is assumed that the number of unreported victims is many times higher.
In order to be prepared for the advanced social engineering attacks, we took the trouble and picked out more sophisticated attacks. When it comes to social engineering, we also speak of social hacking. However, the approach taken by professional attackers is more extensive.
It's partly about faking identities and getting free services. However, breaking into IT systems is also one of the criminals' goals.
Register now for our free webinar!
Emergency plan & awareness - better before an emergency!
Now free of charge Sign in
May 28, 2021 from 10:00 a.m. - 10:30 a.m.
Non-binding, free of charge and can be canceled at any time!
Example 1: Shoulder Surfing & Dumpster Diving
The first social engineering example has little to do with IT systems. The bigger problem is taking advantage of the carelessness of the users. In shoulder surfing, usually in public spaces, the target person looks over the shoulder.
The laptop is not always secured with a privacy screen when working. In this way, people sitting next to you can collect valuable information to prepare for an attack.
But dumpster diving is also a very non-technical approach to successful social engineering attacks. It's about stealing trash cans. If sensitive information isn't shredded, it's the jackpot for the criminals.
Even the strip cut is not sufficient destruction for sensitive documents. A cross cut makes it almost impossible for criminals to recover the documents.
In order to successfully carry out a social engineering attack in a business context, preparatory work is necessary. A sketch for this is already shown in example 1.
However, so-called pretexting can be used to increase the probability of an attack being successful. The main focus is on human emotions and needs:
- Wishes like profiling, material gain
- fears like fear of loss or rejection
- Character traits like trust in authorities or helpfulness
The victim is contacted during pretexting. But the message picks up at least one emotion or need. With this, the attacker aims to make the victim decide against the rational, correct action. The consequence can be the disclosure of sensitive information.
Those who put more effort into creating false identities as part of pretexting and, if necessary, also operate false profiles in social networks and on dating portals.
From the private context, the grandchild's trick is now a well-known scam in the form of pretexting.
Example 3: Call ID spoofing & voice manipulation
After extensive information has been collected and the first contact has taken place, the next step is to build trust and remove obstacles. The criminal pursues this goal to the suffering of the victims.
Call-ID spoofing is used, especially when fraudulent with money. The Caller ID is the telephone number of the calling person. With Call-ID spoofing, the phone number displayed for the person being called is manipulated.
The most successful fraud in the private context is police fraud. Strangers call 110 mainly seniors and give an excuse why cash or valuables have to be handed over. However, this approach also occurs in a business context.
Anyone who sends out a payment notification, especially if it is not the usual e-mail from the sender, has only a slim chance of success. The chances are better if a call is announced in the email.
Calling the actual number of the person who originally owned that number increases the chances of a successful scam.
With the reduction of the voice quality and the limitation to the bare essentials, criminals drive successfully. Does the impersonated person have an extraordinary voice? Then it helps to use voice manipulation software. The first successful scams have now come to light.
Example 4: Reverse Social Engineering Attack
In the reverse social engineering attack, the victim is motivated to contact the fraudster. The creativity of the criminals is great on this point. The simple step would be to prepare an email informing you that the service provider for handling tickets has changed.
For this reason there is a new email and phone number. If the victim now opens a ticket, the “new” service desk is contacted. It is then agreed that the data that are causing the problem must be sent or the computer must be picked up by an external service provider.
Example 5: Watering Hole Attacks
The "waterhole" attack also relies on the victims' employees. The watering holes that the victim is supposed to fall for are on popular or highly visited websites.
If it is known that the employees of a company have to visit a website frequently, e.g. to open tickets, authenticate themselves or look up information, this can be used to prepare for a watering hole attack.
If the target group visits the website, the redirect placed is used to infect the victims with malware on the following website.
This procedure is complex and rarely found. But it is effective because third-party sources, popular and frequently used websites can rarely be blocked in company policies.
Extended social engineering examples that anyone can fall for - right?
The success of a social engineering attack depends on the attacker's effort. If professional attackers set out to attack with extensive monetary means, the chances are good that they will succeed.
The common phishing and spear phishing attacks have not been used in this article - even if they can cause considerable damage, e.g. at Wempe or Norsk Hydro.
- Who are the best organists today?
- How do we identify 22 carat gold
- What grows on my cedar tree
- Tito killed 500,000 people
- What is government and politics
- How were clothes cleaned in historical times
- What are Onion Website Interesting URLs
- Who is the most arrogant person today?
- What are the historical Tamil baby names
- Why is Pak Kashmir occupied
- How do mangoes taste
- What screams, I'm a European in America
- What is an extrovert
- Is Donald Trump a neoliberal
- Is life inherently destructive
- The people of Mongolia celebrate Christmas
- How did paganism end
- Why don't police cars have hubcaps?
- Why are websites not illegal
- How many students are there in the IIT
- Why is India called a socialist country
- Real Madrid still misses Ronaldo
- Shahrukh Khan deserves an Oscar
- Mineral water is safe or not