Social engineering is the act of manipulating someone into releasing sensitive information or giving the attacker access to your network. For example, a social engineer could pose as an IT specialist and try to trick an employee into divulging their login credentials. The following are some of the most common social engineering tactics.
Pretexting is the use of a ploy to capture a victim’s attention. Once the story catches the person’s interest, the scammer tries to trick the victim into providing sensitive information. For example, you may receive an email naming you as the beneficiary of a will, which requests your personal information to prove your identity so you can receive your inheritance.
Baiting means presenting something to a victim so they take an action (not unlike how a fish would react to a worm on a hook). For example, a cyber criminal may label a flash drive loaded with malware something like “Confidential” or “Q1 Layoff Plan” and leave it in plain view for someone to find. Someone who takes the bait would investigate the flash drive by plugging it into their computer.
In the case of “scareware,” a victim is bombarded with false alarms and fake threats. The victim is deceived into believing their system is infected with malware and that they must install a program – which is actually malware itself – to remove it. Never download ransomware protection that is not from a trusted source.