Social Network / Social Engineering

In social engineering attacks, victims are manipulated into handing over sensitive information that can be used for malicious purposes.

What is social engineering?

Social engineering is the practice of manipulating people into giving up sensitive information. Social engineering attacks can happen in person, such as a burglar dressed as a delivery man getting buzzed into a building. This article will instead focus on social engineering cyber attacks. In most cases, these attacks aim to get the victim to divulge either login credentials or sensitive financial information.

  • An attacker sends an email to a victim who appears to come from someone in the victim’s contact list. This email can contain a suspicious link to execute a malicious cross-site scripting attack or direct the victim to a malicious site.
  • An attacker baits users online with links that claim to be downloads of famous movies or software, but these downloads contain a malicious payload.
  • An attacker contacts a victim claiming to be a wealthy foreigner who needs US bank account information to transfer their fortune, offering to reward the victim handsomely in exchange for their bank account information. In reality, the attacker is out to drain the victim’s accounts.
Social Engineering - Fake Login Page

In addition to these small and personal social engineering scams, more sophisticated social engineering attacks are leveraged against entire organizations, such as thumb-drive drops. These attacks can target the networks of well-protected companies, even those not connected to the Internet. Attackers do this by scattering several USB drives around the parking lot of the target company. They put an enticing label such as ‘confidential’ on these drives, hoping that some curious employee will find one and stick it into their computer. These drives can contain very destructive viruses or worms that will be hard to detect since they are entering the network from a local computer.

What are some famous examples of social engineering attacks?

The 2011 data breach of RSA created a big stir, primarily because RSA is a trusted security company. This breach disrupted RSA’s popular two-factor authentication service, SecurID. While all the details of the attack have not been publicly disclosed, it is known that it began with a social engineering attack. The attack was initiated with a basic phishing attack, where the attackers sent low-level RSA employees emails that appeared to be company emails regarding recruiting. One of these employees opened an attachment in this email, triggering the attack.

The Associated Press fell victim to a social engineering attack in 2013 that led to a $136 billion stock market plummet. Once again, this was carried out by a phishing attack sent out to employees. One of the employees triggered the attack by simply opening a link in the email, compromising the AP’s Twitter account. The attackers tweeted a fake news story about an explosion in the White House. This fake news story circulated quickly and led to a 150-point nosedive of the Dow. A Syrian hacker group known as the Syrian Electronic Army claimed responsibility for the attack but never provided any proof.

Thanks to its sophistication, the data breach attack leveraged against Target in 2013 has become one of the most infamous cyber-attacks in history. As the others mentioned, this attack began with social engineering, but the attackers didn’t go after anyone working for Target. Instead, they emailed employees of a heating-and-air-conditioning vendor with high-tech air conditioners installed in Target stores. These air conditioners were linked to Target’s in-store computer systems. Once the attackers compromised the third-party vendor, they could hack into Target’s networks and collect credit card information from credit card scanners in thousands of stores, exposing the financial data of around 40 million Target customers.

How to protect against social engineering attacks

While automated security features like email screening can help prevent attackers from contacting victims, the best defense against social engineering attacks is common sense and up-to-date knowledge of prevalent social engineering attacks. The United States Computer Emergency Readiness Team (US-CERT) advises citizens to be wary of suspicious communications and to only submit sensitive information over the web on secure web pages (HTTPS and TLS are reasonable indications of website security). They also recommend avoiding clicking on links sent in emails and instead typing the URLs of trusted companies directly into the browser.


Nord VPN
60% off Nord VPN
Coinbase - Getty Images - 1234552839
Coinbase – Crypto Currency – Sign up with this link and get $10 free?! Buy/sell/exchange crypto, and use their ATM card to access your cash easily!
Chase Sapphire Preferred - Travel Points
NordPass - Password Manager - CJ Banner
https://www.dpbolvw.net/click-100604079-15345170
Binance Cryptowallet - Buy/Sell
Binance Blockchain
Amazon - Daily Deals
Amazon’s Daily Deals!
Your favorite restaurants are delivered to your front door! Grubhub!
Game Fly
Game Fly Video Game Rentals!

Please enter CoinGecko Free Api Key to get this plugin works.