Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals seek can vary, but when individuals are targeted, the criminals are usually trying to trick you into giving them your passwords or bank information, or into giving them access to your computer so they can secretly install malicious software that will give them access to your passwords and bank information as well as control over your computer.
McAfee’s whitepaper “Hacking the Human Operating System” focuses on the use of social engineering to attack home and business users and finds once again that people are the weakest link. The McAfee report points out that many organizations develop and deliver user awareness programs to their business areas, but the effectiveness of such programs varies, and in some identified cases, even after the security training was delivered, it did very little to give end users security awareness of any value in mitigating the threat of social engineering attacks.
Vishing refers to phishing done over phone calls. Because voice is used for this type of phishing, it is called vishing: voice + phishing = vishing.
Considering how much data is available on social networks and how easy it is to obtain, it is no surprise that phishers communicate confidently over a call in the name of friends, relatives or any related brand, without raising any suspicion.
SMS phishing or SMiShing is one of the easiest types of phishing attacks.
The user is targeted by using SMS alerts.
In SMiShing, users may receive a fake DM or fake order detail with a cancellation link.
The link actually leads to a fake page designed to gather personal details.
Search engine phishing is the type of phishing that refers to the creation of a fake webpage for targeting specific keywords and waiting for the searcher to land on the fake webpage.
Once a searcher clicks on the page link, s/he will not recognize that s/he is hooked until it is too late.
Unlike traditional phishing – which involves sending emails to millions of unknown users – spear phishing is typically targeted in nature, and the emails are carefully designed to target a particular user.
These attacks carry a greater risk because phishers thoroughly research the social profile of the user and their organization, through their social media profile and company website.
Of the different types of phishing attacks, spear phishing is the most commonly used, against individual users as well as organizations.
Whaling is not very different from spear phishing, but the targeted group becomes more specific and confined in this type of phishing attack.
This technique targets people in C-suite posts such as CEO, CFO, COO, or any other senior management position, who are considered to be big players in the information chain of any organization and are commonly known as “whales” in phishing terms.
Technology, banking, and healthcare are the most targeted sectors for phishing attacks. This is because of two main factors: a huge number of users and higher dependency on data.
Links:
https://youtu.be/D5kg3jZ0Kcw
https://www.webroot.com/us/en/resources/tips-articles/what-is-social-engineering
https://community.mcafee.com/t5/Documents/Hacking-the-Human-Operating-System-Raj-Samani/ta-p/550808?attachment-id=6539
https://www.csoonline.com/article/2124681/what-is-social-engineering.html
https://blog.syscloud.com/types-of-phishing/