Would you fall for any of these four schemes?
Did you know that phishing is the most common type of social engineering? It is widely reported to play a part in over 90% of APT (Advanced Persistent Threat) intrusions. The attacker poses as a company you already trust (PayPal, Google, your bank) and sends an email built to look like the real thing. The payload is either a link to a look-alike login page that harvests your credentials or an attachment that installs malicious code. Before you click, look at the actual sender address rather than the display name, hover over links to see where they really go, and be suspicious of any message that pressures you to act immediately. When in doubt, delete it, or report it to your security team.
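As an added illustration (example code written for this page, not from the original article or any vendor tool), the following Python script checks a raw email for exactly the tells described above: a display name that claims a brand the sending domain does not belong to, a Reply-To that quietly redirects replies elsewhere, a visible link that shows one site while its href goes to another, and an attachment whose extension is executable. The two sample messages are constructed for the demonstration, the `.example` domains are placeholders, and the brand watchlist is an assumption standing in for a real reputation feed.

```python
"""Flag common phishing indicators in a raw RFC 5322 email message.

Added example for this page; the sample messages below are constructed, not
real, and KNOWN_BRANDS is a stand-in for a proper brand/reputation feed."""
import email
import os
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a tiny brand watchlist mapping brand keyword -> legitimate domain.
KNOWN_BRANDS = {"paypal": "paypal.com", "google": "google.com", "microsoft": "microsoft.com"}
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".iso", ".lnk", ".docm", ".xlsm"}

# Constructed lure (not a real message): the display name says PayPal, but the
# sending domain, Reply-To, link target and attachment all say otherwise.
PHISH_EML = """\
From: "PayPal Service" <alerts@paypa1-secure.example>
Reply-To: recovery@mail-forward.example
To: victim@example.org
Subject: Your account is limited
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Please confirm your details:
<a href="http://login.paypa1-secure.example/verify">https://www.paypal.com/signin</a></p></body></html>
--b1
Content-Type: application/octet-stream; name="Invoice.pdf.exe"
Content-Disposition: attachment; filename="Invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

# Constructed benign message for comparison.
BENIGN_EML = """\
From: "Example Support" <support@example.org>
To: user@example.org
Subject: Your weekly summary
Content-Type: text/html; charset="utf-8"

<html><body><p>See your dashboard: <a href="https://example.org/dashboard">Sign in</a></p></body></html>
"""


class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable_domain(host):
    """Last two DNS labels, e.g. login.paypa1-secure.example -> paypa1-secure.example.
    Good enough for this demo; a real tool would consult the public suffix list."""
    if not host:
        return ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def phishing_indicators(raw):
    """Return (code, detail) pairs for every indicator found in the raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    display, addr = parseaddr(msg.get("From", ""))
    from_domain = registrable_domain(addr.rpartition("@")[2])

    # 1. Display-name spoofing: a brand in the name, but the sender is not that brand's domain.
    for brand, legit in KNOWN_BRANDS.items():
        if brand in display.lower() and from_domain != legit:
            findings.append(("brand-spoof", f"'{display}' sent from {from_domain}"))

    # 2. Replies are silently routed to a different domain than the apparent sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and registrable_domain(reply.rpartition("@")[2]) != from_domain:
        findings.append(("reply-to-mismatch", f"Reply-To {reply} vs From {addr}"))

    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            # 3. Executable content dressed up as a document (double extension is classic).
            if os.path.splitext(filename)[1].lower() in RISKY_EXTENSIONS:
                findings.append(("risky-attachment", filename))
            continue
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for text, href in collector.links:
                # 4. The link text shows one site while the real href goes somewhere else.
                if text.lower().startswith(("http://", "https://")):
                    shown = registrable_domain(urlparse(text).hostname)
                    actual = registrable_domain(urlparse(href).hostname)
                    if shown != actual:
                        findings.append(("link-mismatch", f"shows {shown}, goes to {actual}"))
    return findings


def is_suspicious(raw):
    """True if any indicator fires; a real mail gateway would score rather than binarise."""
    return bool(phishing_indicators(raw))


if __name__ == "__main__":
    for code, detail in phishing_indicators(PHISH_EML):
        print(f"{code}: {detail}")
```

Run against the constructed lure it reports all four indicators; against the benign message it reports none. None of these checks is proof of phishing on its own (legitimate newsletters use third-party Reply-To domains, for instance), which is why real gateways score and combine signals such as these with SPF, DKIM and DMARC results rather than blocking on one hit.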
Tailgating is another simple, yet effective social engineering technique in the physical domain. There is no password cracking or complicated hacking: the attacker simply piggybacks behind someone who has legitimate access, counting on that person's politeness to hold the door. Never let anyone enter a secure building on your access pass or badge; direct them to reception or the security desk instead. The same goes for network access – EVERYONE must use their own user ID and password to log in, and credentials must never be shared or lent.
Shoulder surfing takes nothing more than someone standing reasonably close to you. Their goal might be to glance at your hands as you enter your PIN at an ATM, or your password as you log in to a website on your mobile device. The shoulder surfer acts as innocently and innocuously as possible. You may not even be aware that they are there, but they are watching closely, with their eyes locked on your hands and/or keyboard. Shield the keypad with your free hand, and treat a crowded train, café or queue as a place where someone could be watching; a small camera placed over a keypad does the same job without anyone standing nearby.
Vishing (voice phishing) is social engineering over the telephone, using the same premise as phishing. The caller pretends to be your bank, a doctor's office, or someone else you would trust with PII (Personally Identifiable Information). They tell a plausible story and ask you to "confirm" details such as your date of birth, account number or a one-time code, when in actuality they are collecting the pieces of your identity to steal and/or sell. This kind of pretexting (a fabricated scenario designed to extract information) has also been used against companies and has led to many serious corporate data breaches! Never, ever give out personal or corporate confidential information over the phone to someone whose identity you can't confirm. Caller ID can be spoofed, so hang up and call back on a number you already know, such as the one printed on your card or published on the organisation's website.