Computer-based social engineering refers to attacks carried out with the help of computer software to get the desired information. Some of these attack types are listed as follows:
What is Computer based social engineering
- Pop-up windows: Pop ups trick users into clicking on a hyperlink that redirects them to visit an attacker's web page, asking them to give away their personal information or asking them to download software that could have attached viruses in the backend.
- Insider attack: This type of attack is performed from inside the target network. Most insider attacks are orchestrated by disgruntled employees who are not happy with their position in the organization or because they have personal grudges against another employee or the management.
- Phishing: Spammers often send e-mails in bulk to e-mail accounts, for example, those claiming to be from the UK lottery department and informing you that you have won a million pounds. They request you to click on a link in the e-mail to provide your credit card details or enter information such as your first name, address, age, and city. Using this method the social engineer can gather social security numbers and network information.
- The "Nigerian 419" scam: In the Nigerian scam, the attacker asks the target to make upfront payments or make money transfers. It is called 419 because "4-1-9" is a section of the Nigerian Criminal Code that outlaws this practice. The attacker or scammers usually send the target e-mails or letters with some lucrative offers stating that their money has been trapped in some country that is currently at war, so they need help in taking out the money and that they will give the target a share, which never really comes. These scammers ask you to pay money or give them your bank account details to help them transfer the money. You are then asked to pay fees, charges, or taxes to help release or transfer the money out of the country through your bank. These "fees" may start out as small amounts. If paid, the scammer comes up with new fees that require payment before you can receive your "reward". They will keep making up these excuses until they think they have got all the money they can out of you. You will never be sent the money that was promised.
- Social engineering attack through a fake SMS: In this type of attack, the social engineer will send an SMS to the target claiming to be from the security department of their bank and also claiming that it is urgent that the target call the specified number. If the target is not too technically sound, they will call the specified number and the attacker can get the desired information.
You can also look at : The Social Engineer Toolkit | Kali Linux
EmoticonEmoticon