Powered by

 Gemini Logo

Sign in

Cryptopedia. Your trusted source for all things crypto.

Buy crypto

Topics

View all

Powered by

 Gemini Logo

Sign in

Buy crypto

Common Social Engineering Techniques

Some hackers rely on exploiting human vulnerabilities instead of technological ones — find out how to protect yourself from “social engineering.”

By Cryptopedia Staff

Updated March 10, 20223 min read

Common Social Engineering Techniques

Summary

Social engineering techniques rely on human vulnerabilities, not the technical prowess of a potential hacker. Social engineering is used to gain (unauthorized) access to sensitive data, cryptocurrency wallets or accounts, or to induce victims to download malware onto computers and networks to enact further damage. Such techniques include phishing, baiting, quid pro quo attacks, pretexting, and tailgating.

During a phishing attack, a malicious actor impersonates a credible authority figure or organization in an attempt to trick a victim into disclosing sensitive information or parting with funds. While the target of a phishing attack may be an individual, in most cases the attacker’s broader goal is to compromise one or more systems the victim has access to. If a phishing attack on an individual is successful, the consequences can reverberate far and wide, affecting other users and adjacent networks with alarming speed.

Variants of phishing attacks include spear phishing, vishing, and smishing. Spear phishing attacks are highly targeted towards specific individuals, organizations, or businesses. For example, attackers may customize their emails or communications with knowledge of an individual’s position within an organization. So-called “vishing attacks” use voice communications, especially Voice-over-Internet-Protocol (VoIP) solutions, to trick victims into calling and revealing personal information such as their credit card number or billing address. “Smishing attacks” use SMS or text messages to redirect victims to malicious sites or trick them into divulging sensitive personal information.

Baiting: A Common Social Engineering Technique

Baiting attacks often exploit a victim’s greed with the promise of a quick payout. For example, an attacker might leave an infected USB stick in a public place, hoping a victim might insert the stick out of curiosity, and thereby install malware onto their system. An online ad might trick a victim by promising a quick cash payout in exchange for creating an account with their sensitive personal information.

Peer-to-peer (P2P) websites are also targeted by baiting attacks. The promise of free movie or music downloads may entice some users to drop their guard and give up their banking information. Victims who give up banking information for the promise of deals, quick returns on investments, or free cash prizes might find their accounts depleted once that information is shared.

Quid Pro Quo Social Engineering Attack

Similar to baiting schemes, quid pro quo attacks generally involve a promise for a fraudulent exchange. For example, an attacker may promise a reward or offer to participate in a research study in exchange for company data. Scammers may also pose as internal IT staff, ready to assist with a problem or offer software security protection in exchange for personal information or other sensitive data.

Pretexting: A Familiar Social Engineering Example

Pretexting often takes the form of an attacker posing as a trusted figure, such as a bank official or a law enforcement officer. The attacker then elicits personal information from the victim, such as a social security number, under the pretext of verifying their identity.

One familiar pretexting scenario might entail a message from a friend’s social media account claiming they are stranded and in need of immediate emergency funds. A scammer might also claim to be a representative of a political campaign or charity and ask for support for a cause.

Each of these scenarios relies on some form of psychological manipulation, where a victim is made to believe they are fulfilling their duties or helping out a friend in need.  

Tailgating or Piggybacking: In-Person Social Engineering Attacks

Tailgating or piggybacking attacks generally involve physical access to a building or restricted area that contains secure information. Criminals can simply follow someone holding the door open for them into a secure building, bypassing the building’s security protocols. For this reason, security-focused companies may train their employees about tailgating attacks, in addition to other social engineering techniques.

Whether you work at a bank or crypto exchange, or merely have a bank or crypto exchange account, be wary of these social engineering attacks that could compromise your personal accounts.

Cryptopedia does not guarantee the reliability of the Site content and shall not be held liable for any errors, omissions, or inaccuracies. The opinions and views expressed in any Cryptopedia article are solely those of the author(s) and do not reflect the opinions of Gemini or its management. The information provided on the Site is for informational purposes only, and it does not constitute an endorsement of any of the products and services discussed or investment, financial, or trading advice. A qualified professional should be consulted prior to making financial decisions. Please visit our Cryptopedia Site Policy to learn more.

Is this article helpful?

Yes

No

Topics in article
Up Next