Social Engineering is a type of fraudulent act where cybercriminals pose as someone else trying to obtain personal information from victims. This type of scam mainly relies on psychological manipulation rather than technical hacking.
According to ISACA’s State of Cybersecurity 2022, social engineering is the main factor for network compromise. The reason for social engineering being highly effective is due to the exploitation of human emotions. Successful social engineering often includes tactics exploiting human emotions as a trusted brand, government agency, inducing fear or sudden sense urgency, appealing to greed and/or helpfulness or curiosity. There are multiple different types of social engineering attacks to keep an eye out for. The most common types of social engineering are phishing, baiting, tailgating, pretexting, quid pro quo, scareware, and watering hole attack.
- Phishing: deceptive emails and/or messages that appear legitimate to trick individuals in giving out their personal information.
- Baiting: Often offers something of interest like a free download that contains malware designed to steal individuals’ information.
- Tailgating: Stealing personal information by physically following individuals by trailing closely behind them. The point of this is to avoid confrontation.
- Pretexting: Creating a completely pre-made-up scenario pretending to be someone trusting to trick individuals to reveal their personal information.
- Quid Pro Quo: Offering a reward of benefit in exchange for revealing personal information.
- Scareware: Scam that uses scare tactics and urgency to obtain personal information.
- Watering Hole: Scam that cybercriminals use to infect a user’s computer by infecting a frequently visited website.
For more information on different types of network compromise, please visit us at www.equitybank.com/fraud-prevention/