Seven Social Engineering Tricks That Put Our Security at Risk
The art of online deception has now taken a new form – social engineering. This type of cyber attack does not rely on complex algorithms or impenetrable code, but instead uses psychological tactics and people’s trust. According to Verizon’s 2023 Data Breach Investigations Report, 74% of the breaches that occurred in 2022 were due to human error, a figure that reinforces how seriously this type of crime should be taken.
Social engineering is the ability to trick people into revealing sensitive information or taking actions that could compromise security. It targets a person with tactics that exploit emotions of fear or urgency. Attacks come in many forms, and the digital threat is particularly insidious because it can affect so many people at once.
Acronis explores the seven most common social engineering tricks used by cybercriminals to compromise data and systems.
1. Phishing
An insidious method that involves sending seemingly legitimate emails to selected victims, tricking them into revealing personal information, clicking on malicious links, or downloading infected attachments. A hacker could, for example, impersonate an employee of a reputable bank to trick recipients into updating their account information by clicking a link that redirects them to a fake site.
2. Vishing
The name comes from the abbreviation for “voice phishing,” as this technique uses a telephone contact to steal sensitive data. Under the guise of a trusted authority, such as a banking institution or government agency, scammers convince victims to disclose Social Security numbers or financial information.
3. Smishing
Similar to vishing, this approach tricks recipients with text messages. Scammers send messages containing malicious links or convince victims to call a fake number, trying to get them to share financial, banking or other personal information or install malware that does the same thing.
4. Whaling
The stakes of such attacks are typically very high: whaling (hunting for large fish) targets executives or key decision makers in organizations. These individuals have higher status, authority and system privileges; if the deception is successful, it allows the extortion of strategic corporate or financial information.
5. Pretexting
A technique in which criminals create pretexts, i.e., elaborate narratives or stories, to gain the trust of victims and force them to reveal confidential information. One of the most common examples is a scammer posing as an IT professional and asking for access credentials under the guise of performing simple maintenance or testing activities.
6. Company email compromise
This type of attack, often targeting the sales departments of companies, involves criminals signing emails posing as senior executives and requesting urgent money transfers or sensitive financial information, taking advantage of the recipient’s perceived respect for the sender’s authority.
7. Tailgating
A physical form of social engineering in which an attacker gains access to restricted areas alongside authorized individuals. Taking advantage of a person’s trust, the criminal manages to enter prohibited places without permission. Call centers and server rooms are very vulnerable to this type of attack.