There are plenty of types of social engineering attacks. Not just through emails (phishing), but also phone calls (vishing), SMS (smishing), and social engineering attack can even be in person (using typical social cues like pretending to be a delivery driver to gain access.)
Social Media Phishing
At the highest level, most phishing scams aim to achieve three things:
- They want your personal information so that they commit identity fraud. If they have access to your name and address, they are likely to steal your identity.
- They can trick an individual into thinking they are being sent a legitimate link. The link can often redirect a user to a suspicious website which allows other cyber criminals to gain details through malware. Passwords in particular are of keen interest to hackers.
- Another reason hackers utilise phishing scams is to scare an individual or lead them into a mistake caused by excitement. If you tell someone they are owed a lot of money, you can easily manipulate them into clicking on a suspicious link.
Pretexting is another type of social engineering
Pretexting can cause issues for individuals. Hackers and criminals may use this type of social engineering to entice a person to hand over their details. Tripwire suggested this can be done in a variety of ways. The latest WhatsApp scam is a prime example of pretexting. A cyber criminal will tend to impersonate a family member or a person that the individual trusts.
WhatsApp examples include a scammer messaging a father saying that it was one of their children trying to contact them. They would say they had lost their phone and were using a friend’s phone. From there, they would ask the intended target of the scam to send money to a separate bank account so that they could purchase a new phone. If there is a sense of urgency to the messages, the victim is likely to transfer the money without even thinking about it. That’s how it usually works.
In other cases, the scammer will take on the form of a Manager or Senior Employee and email or text a lower-level employee. They can send them links that they need to click on, and the victim is likely to respond to someone higher up who possesses authority. Managed Security Awareness Training can definitely help your company with regard to this.