In his book, “The Art of Deception,” popular hacker Kevin Mitnick explained the power of social engineering techniques. Today, we are aware that social engineering can be combined with hacking to power insidious attacks.
Let’s consider, for example, social media and mobile platforms; they are powerful attack vectors for various categories of threat actors because they allow hitting large audiences instantaneously.
Most of the attacks exploiting both paradigms are effective because they leverage the concept of “trust” on which social networks are built.
Let’s take a close look at the most common social engineering attacks used to target users.
Phishing attacks are the most common type of attacks leveraging social engineering techniques. Attackers use emails, social media, instant messaging and SMS to trick victims into providing sensitive information or visiting malicious URLs in the attempt to compromise their systems.
Phishing attacks present the following common characteristics:
- Messages are composed to attract the user’s attention, in many cases to stimulate his curiosity by providing a few pieces of information on a specific topic and suggesting that the victims visit a specific website to learn more.
- Phishing messages aimed at gathering a user’s information convey a sense of urgency. This is an attempt to trick the victim into disclosing sensitive data in order to resolve a situation that could get worse without the victim’s interaction.
- Attackers leverage shortened URL or embedded links to redirect victims to a malicious domain that could host exploit codes or that could be a clone of legitimate websites with URLs that appear legitimate. In many cases, the actual link and the visual link in the email are different; for example, the hyperlink in the email does not point to the same location as the apparent hyperlink displayed to the users.
- Phishing email messages have a (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Pierluigi Paganini. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Ef4pgvMnxCo/