Social engineering attacks prey on human error, waiting for authorized insiders to provide an opening into a computer system. As opposed to other attack methods that rely solely on technological tools to crack the security perimeter, social engineering seeks to anticipate and influence human behavior.
In this article, we’ll provide insight into the concept of social engineering and outline four attack stages. We’ll also provide examples of different types of social engineering attacks. Read on to learn about social engineering and effective protection measures.
Social engineering is a method used by attackers to mislead and trick users into providing confidential information or acting in a way that compromises security.
Most social engineering attacks occur in four stages:
Research—attackers identify their targets, who may be a large group or specific individuals with privileged access or information. They gather background information about these targets, finding an effective way to get their attention and stimulate them into performing a desired action.
Hooking—attackers launch the attack, typically by sending messages over a written communication channel. The messages are aimed to engage the target and spin a story that can get their attention, and allows the attacker to take control and drive the target to a desired behavior.
Activation—once the target has performed a compromising action, the attacker uses this to obtain sensitive data or access, and deepen their foothold in the target organization.
Exit—sophisticated attackers can perform malicious actions silently, and remove traces of malware, leaving human targets and security staff at the targeted organization unaware of an attack. Alternatively, attackers can use compromised access to place ransomware, which then facilitates then holds a system hostage remotely until a ransom is paid or data is lost.
Types of Social Engineering Attacks
Social engineering is broadly defined and there may be many forms of interactions of attackers with attack targets. Here are the most common social engineering attacks:
Phishing attacks are based on email and text messages, which get the attention of their targets by creating a sense of danger, urgency, curiosity or potential personal gain. The message tells a story and encourages users to click a link, download an attachment or perform another action that will compromise security. Commonly, the email appears to originate from an entity the user recognizes, such as a friend, colleague or service provider.
A variation on this attack is spear phishing, which is an attack targeted against specific individuals who have access to critical systems or significant influence, such as CEOs, system administrators or finance staff. Attackers launch sophisticated, targeted campaigns that exploit specific traits of their targets and use carefully collected personal information to trick them into complying.
Attack example: A user receives an email from their bank asking them to change their password. The email appears to be sent by the bank and looks similar to messages sent by the real institution, but is faked by the attackers. It contains a link sending the user to a fake version of the bank website, where the user supposedly changes password, delivering their real password to the attackers.
Baiting manipulates the target emotionally by offering a large reward or appealing to their curiosity. Attackers draw the target into a trap, and steal their personal information or install malware on their device. Baiting can take the form of a physical object, such as a USB disk with a label indicating it contains very valuable or interesting information. It can also happen online, for example via an advertisement that encourages users to visit a malicious website.
Attack example: An attacker leaves a USB drive with the label “Confidential Corporate Information” in a toilet or public place. A bystander picks up the device and connects it to their computer to see the supposed confidential information, and the USB drive installs malware on their machine.
Scareware involves alerting the user to false threats or problems on their computer system. The attacker uses software installed on the user’s device, or a website they visit, to bombard the user with pop up windows or other forms of alerts. The alerts warn the user of malware infection or other serious problems on the computer, and prompt them to take action, such as installing a malware-infected tool or performing a fictitious “scan” of their computer.
Attack example: A user visits a malicious website and sees a popup warning that their computer is infected with spyware. They are encouraged to download a free tool to clean their system. The user clicks and installs the software, which in reality is itself malware.
In a pretexting attack, also known as vishing, an attacker pretends to be an authority or a trusted party such as the police, a government authority, the target’s bank, etc. They ask the target a series of questions that are supposedly needed to identify the target or provide them with service, but in fact cause the target to surrender their confidential information.
Attack example: An attacker pretends to be a tax authority and asks their target for social security and bank account information. Some users may believe the scam, comply and surrender their personal and financial information.
Social Engineering Prevention
Social engineering is becoming more sophisticated and manipulates human weaknesses, so there is no way to completely prevent it. However, there are several ways your organization can reduce the chances of a successful attack:
Educate users to recognize social engineering—security training can help users identify tell-tale signs of phishing and scams, avoid interacting with suspicious emails, and report incidents to security.
Alert users that emails come from an untrusted source—email systems can warn or even block users from opening or interacting with an email from an unknown or suspicious source.
Use multi-factor authentication—if you require users to combine passwords or other credentials with something they own, such as a security token or mobile phone, you can limit the impact of a social engineering attacks. Attackers may be able to obtain credentials but not physical objects.
Use next-gen antivirus—next-generation antivirus can prevent the execution of malicious files, even if they don’t match a known malware signature. Attackers are increasingly using defense-evading malware, file encryption, and fileless attacks that are invisible to traditional antivirus.
The key to preventing social engineering is a “defense in depth” approach that combines human alertness, measures to prevent the transmission and execution of harmful content, robust antivirus technology, and strong authentication as a last line of defense, in case an attack succeeds.
Social Engineering Prevention with Cynet’s Next-Gen Antivirus
Cynet NGAV combines multiple prevention technologies to maximize protection against advanced threats, including zero day attacks like advanced persistent threats and social engineering. It is part of the Cynet 360 suite of cybersecurity solutions, which together provide a holistic security strategy than can keep up with any threat.
Cynet’s features include:
Blocking suspicious behavior—Cynet monitors endpoints to identify behavioral patterns that may indicate an exploit. This means that even if credentials are breached, the threat actor’s ability to use them will be limited.
Blocking malware—Cynet’s multi-layered malware protection includes sandboxing, process behavior monitoring and ML-based static analysis, as well as fuzzy hashing and threat intelligence. This ensures that even if a social engineering attempt is successful in convincing an insider to download malware, Cynet will prevent it from running.
UBA—Cynet updates a behavioral baseline based on continued, real-time user behavior analysis, and provides alerts when it identifies a behavioral anomaly. This anomaly may indicate a compromised user account or an unauthorized action by a user.
Uncover hidden threats—Cynet thinks like an adversary to uncover threats, identifying indicators of compromise and anomalous behavior across endpoints, users, files, and networks. This provides a holistic account of the attack process and helps identify vulnerable points.